microsoft / win32-app-isolation

Tools and documentation for Win32 app isolation
MIT License

[Inquiry]: Are there any unavailable `Extension`s? #61

Open HashidaTKS opened 6 months ago

HashidaTKS commented 6 months ago

Description

Overview

When I tried to isolate Firefox, I got the manifest error "The Appx package's manifest is invalid. (Exception from HRESULT: 0x80080204)". However, after removing the Extensions from the manifest file, it worked fine.

Are any Extensions unsupported under Win32 app isolation? If so, should we remove them from the manifest file?

How to reproduce

Then, after saving the manifest, I got the 0x80080204 error.

Here is a full manifest that causes the 0x80080204 error.

<?xml version="1.0" encoding="utf-8"?>
<!-- MSIX package manifest for a repackaged Firefox (Identity Name "MyFirefox").
     The single Application entry is declared as an isolated Win32 app
     (appContainer trust level plus appSilo runtime behaviour). This is the
     variant the report says fails to load with HRESULT 0x80080204. -->
<!-- NOTE(review): every declared prefix, including uap10 and previewsecurity2,
     is listed in IgnorableNamespaces. Ignorable namespaces may be skipped by a
     deployment stack that does not recognise them, so confirm on the targeted
     builds that the isolation attributes on Application cannot be dropped
     silently. -->
<Package xmlns="http://schemas.microsoft.com/appx/manifest/foundation/windows10" xmlns:previewsecurity2="http://schemas.microsoft.com/appx/manifest/preview/windows10/security/2" xmlns:uap="http://schemas.microsoft.com/appx/manifest/uap/windows10" xmlns:uap2="http://schemas.microsoft.com/appx/manifest/uap/windows10/2" xmlns:uap3="http://schemas.microsoft.com/appx/manifest/uap/windows10/3" xmlns:uap10="http://schemas.microsoft.com/appx/manifest/uap/windows10/10" xmlns:desktop7="http://schemas.microsoft.com/appx/manifest/desktop/windows10/7" xmlns:rescap="http://schemas.microsoft.com/appx/manifest/foundation/windows10/restrictedcapabilities" xmlns:com="http://schemas.microsoft.com/appx/manifest/com/windows10" IgnorableNamespaces="uap uap2 uap3 uap10 desktop7 rescap com previewsecurity2">
  <!--Package created by MSIX Packaging Tool version: 1.2023.517.0-->
  <!-- Package identity; the publisher string is the Contoso sample subject. -->
  <Identity Name="MyFirefox" Publisher="CN=Contoso Software, O=Contoso Corporation, C=US" Version="1.0.0.0" ProcessorArchitecture="x64" />
  <Properties>
    <DisplayName>MyFirefox</DisplayName>
    <PublisherDisplayName>MyFirefox</PublisherDisplayName>
    <Description>None</Description>
    <Logo>Assets\StoreLogo.png</Logo>
    <!-- Turns package content integrity enforcement on for this package. -->
    <uap10:PackageIntegrity>
      <uap10:Content Enforcement="on" />
    </uap10:PackageIntegrity>
  </Properties>
  <Resources>
    <Resource Language="en-us" />
  </Resources>
  <Dependencies>
    <!-- Minimum and maximum tested OS version are the same build, 10.0.25357.0. -->
    <TargetDeviceFamily Name="Windows.Desktop" MinVersion="10.0.25357.0" MaxVersionTested="10.0.25357.0" />
  </Dependencies>
  <Applications>
    <!-- uap10:TrustLevel="appContainer" together with
         previewsecurity2:RuntimeBehavior="appSilo" is what requests Win32 app
         isolation for firefox.exe. -->
    <Application Id="FIREFOX" Executable="VFS\ProgramFilesX64\Mozilla Firefox\firefox.exe" uap10:TrustLevel="appContainer" previewsecurity2:RuntimeBehavior="appSilo">
      <uap:VisualElements BackgroundColor="transparent" DisplayName="Firefox" Square150x150Logo="Assets\FIREFOX-Square150x150Logo.png" Square44x44Logo="Assets\FIREFOX-Square44x44Logo.png" Description="Firefox">
        <uap:DefaultTile Wide310x150Logo="Assets\FIREFOX-Wide310x150Logo.png" Square310x310Logo="Assets\FIREFOX-Square310x310Logo.png" Square71x71Logo="Assets\FIREFOX-Square71x71Logo.png" />
      </uap:VisualElements>
      <!-- Per-application extensions: one shortcut, nine file type
           associations and four protocol handlers. The report attributes the
           0x80080204 failure to this list; the cause is not identified in the
           thread. -->
      <Extensions>
        <!-- Start-menu shortcut pointing at the packaged firefox.exe. -->
        <desktop7:Extension Category="windows.shortcut">
          <desktop7:Shortcut File="[{Common Programs}]\Firefox.lnk" Icon="[{Package}]\VFS\ProgramFilesX64\Mozilla Firefox\firefox.exe" />
        </desktop7:Extension>
        <!-- File type associations. Each one defines an "open" verb that
             passes the target as: -osint -url "%1".
             NOTE(review): %1 is supplied by whatever opens the file, so it is
             untrusted input to the command line. Keep it quoted and keep the
             leading -osint argument, which as far as this reviewer knows is
             Firefox's marker for OS-originated launches and makes it reject
             additional switches; verify against Firefox documentation. -->
        <uap3:Extension Category="windows.fileTypeAssociation">
          <uap3:FileTypeAssociation Name="htm">
            <uap:SupportedFileTypes>
              <uap:FileType>.htm</uap:FileType>
            </uap:SupportedFileTypes>
            <uap:Logo>Assets\htm.png</uap:Logo>
            <uap2:SupportedVerbs>
              <uap3:Verb Id="open" Parameters="-osint -url &quot;%1&quot;">open</uap3:Verb>
            </uap2:SupportedVerbs>
          </uap3:FileTypeAssociation>
        </uap3:Extension>
        <uap3:Extension Category="windows.fileTypeAssociation">
          <uap3:FileTypeAssociation Name="html">
            <uap:SupportedFileTypes>
              <uap:FileType>.html</uap:FileType>
            </uap:SupportedFileTypes>
            <uap:Logo>Assets\htm.png</uap:Logo>
            <uap2:SupportedVerbs>
              <uap3:Verb Id="open" Parameters="-osint -url &quot;%1&quot;">open</uap3:Verb>
            </uap2:SupportedVerbs>
          </uap3:FileTypeAssociation>
        </uap3:Extension>
        <uap3:Extension Category="windows.fileTypeAssociation">
          <uap3:FileTypeAssociation Name="shtml">
            <uap:SupportedFileTypes>
              <uap:FileType>.shtml</uap:FileType>
            </uap:SupportedFileTypes>
            <uap:Logo>Assets\htm.png</uap:Logo>
            <uap2:SupportedVerbs>
              <uap3:Verb Id="open" Parameters="-osint -url &quot;%1&quot;">open</uap3:Verb>
            </uap2:SupportedVerbs>
          </uap3:FileTypeAssociation>
        </uap3:Extension>
        <uap3:Extension Category="windows.fileTypeAssociation">
          <uap3:FileTypeAssociation Name="xht">
            <uap:SupportedFileTypes>
              <uap:FileType>.xht</uap:FileType>
            </uap:SupportedFileTypes>
            <uap:Logo>Assets\htm.png</uap:Logo>
            <uap2:SupportedVerbs>
              <uap3:Verb Id="open" Parameters="-osint -url &quot;%1&quot;">open</uap3:Verb>
            </uap2:SupportedVerbs>
          </uap3:FileTypeAssociation>
        </uap3:Extension>
        <uap3:Extension Category="windows.fileTypeAssociation">
          <uap3:FileTypeAssociation Name="xhtml">
            <uap:SupportedFileTypes>
              <uap:FileType>.xhtml</uap:FileType>
            </uap:SupportedFileTypes>
            <uap:Logo>Assets\htm.png</uap:Logo>
            <uap2:SupportedVerbs>
              <uap3:Verb Id="open" Parameters="-osint -url &quot;%1&quot;">open</uap3:Verb>
            </uap2:SupportedVerbs>
          </uap3:FileTypeAssociation>
        </uap3:Extension>
        <uap3:Extension Category="windows.fileTypeAssociation">
          <uap3:FileTypeAssociation Name="svg">
            <uap:SupportedFileTypes>
              <uap:FileType>.svg</uap:FileType>
            </uap:SupportedFileTypes>
            <uap:Logo>Assets\htm.png</uap:Logo>
            <uap2:SupportedVerbs>
              <uap3:Verb Id="open" Parameters="-osint -url &quot;%1&quot;">open</uap3:Verb>
            </uap2:SupportedVerbs>
          </uap3:FileTypeAssociation>
        </uap3:Extension>
        <uap3:Extension Category="windows.fileTypeAssociation">
          <uap3:FileTypeAssociation Name="webp">
            <uap:SupportedFileTypes>
              <uap:FileType>.webp</uap:FileType>
            </uap:SupportedFileTypes>
            <uap:Logo>Assets\htm.png</uap:Logo>
            <uap2:SupportedVerbs>
              <uap3:Verb Id="open" Parameters="-osint -url &quot;%1&quot;">open</uap3:Verb>
            </uap2:SupportedVerbs>
          </uap3:FileTypeAssociation>
        </uap3:Extension>
        <uap3:Extension Category="windows.fileTypeAssociation">
          <uap3:FileTypeAssociation Name="avif">
            <uap:SupportedFileTypes>
              <uap:FileType>.avif</uap:FileType>
            </uap:SupportedFileTypes>
            <uap:Logo>Assets\htm.png</uap:Logo>
            <uap2:SupportedVerbs>
              <uap3:Verb Id="open" Parameters="-osint -url &quot;%1&quot;">open</uap3:Verb>
            </uap2:SupportedVerbs>
          </uap3:FileTypeAssociation>
        </uap3:Extension>
        <uap3:Extension Category="windows.fileTypeAssociation">
          <uap3:FileTypeAssociation Name="pdf">
            <uap:SupportedFileTypes>
              <uap:FileType>.pdf</uap:FileType>
            </uap:SupportedFileTypes>
            <uap:Logo>Assets\pdf.png</uap:Logo>
            <uap2:SupportedVerbs>
              <uap3:Verb Id="open" Parameters="-osint -url &quot;%1&quot;">open</uap3:Verb>
            </uap2:SupportedVerbs>
          </uap3:FileTypeAssociation>
        </uap3:Extension>
        <!-- Protocol handlers: a Firefox-specific scheme plus http, https and
             mailto. The URL arrives from other applications through %1, so
             the same quoting and -osint considerations apply as for the file
             type verbs in this list. -->
        <uap3:Extension Category="windows.protocol">
          <uap3:Protocol Name="firefoxurl-308046b0af4a39cb" Parameters="-osint -url &quot;%1&quot;">
            <uap:DisplayName>firefoxurl-308046b0af4a39cb</uap:DisplayName>
            <uap:Logo>Assets\htm.png</uap:Logo>
          </uap3:Protocol>
        </uap3:Extension>
        <uap3:Extension Category="windows.protocol">
          <uap3:Protocol Name="http" Parameters="-osint -url &quot;%1&quot;">
            <uap:DisplayName>http</uap:DisplayName>
            <uap:Logo>Assets\htm.png</uap:Logo>
          </uap3:Protocol>
        </uap3:Extension>
        <uap3:Extension Category="windows.protocol">
          <uap3:Protocol Name="https" Parameters="-osint -url &quot;%1&quot;">
            <uap:DisplayName>https</uap:DisplayName>
            <uap:Logo>Assets\htm.png</uap:Logo>
          </uap3:Protocol>
        </uap3:Extension>
        <uap3:Extension Category="windows.protocol">
          <uap3:Protocol Name="mailto" Parameters="-osint -url &quot;%1&quot;">
            <uap:DisplayName>mailto</uap:DisplayName>
            <uap:Logo>Assets\htm.png</uap:Logo>
          </uap3:Protocol>
        </uap3:Extension>
      </Extensions>
    </Application>
  </Applications>
  <!-- Package-level extensions: a COM proxy/stub served by
       AccessibleMarshal.dll and three interfaces that reference its CLSID.
       This section is identical in the variant of the manifest that the
       report says loads successfully. -->
  <Extensions>
    <com:Extension Category="windows.comInterface">
      <com:ComInterface>
        <com:ProxyStub Id="1814ceeb-49e2-407f-af99-fa755a7d2607" Path="VFS\ProgramFilesX64\Mozilla Firefox\AccessibleMarshal.dll" DisplayName="PSFactoryBuffer" />
        <com:Interface Id="4e747be5-2052-4265-8af0-8ecad7aad1c0" ProxyStubClsid="1814ceeb-49e2-407f-af99-fa755a7d2607" />
        <com:Interface Id="1814ceeb-49e2-407f-af99-fa755a7d2607" ProxyStubClsid="1814ceeb-49e2-407f-af99-fa755a7d2607" />
        <com:Interface Id="0d68d6d0-d93d-4d08-a30d-f00dd1f45b24" ProxyStubClsid="1814ceeb-49e2-407f-af99-fa755a7d2607" />
      </com:ComInterface>
    </com:Extension>
  </Extensions>
  <Capabilities>
    <!-- NOTE(review): runFullTrust is a restricted capability and sits next to
         an Application entry declared as appContainer/appSilo. Confirm
         whether an isolated package still needs it, and review it before
         adding any further capabilities. -->
    <rescap:Capability Name="runFullTrust" />
  </Capabilities>
</Package>

After I removed the Extensions under Application, it worked fine.

<?xml version="1.0" encoding="utf-8"?>
<!-- Variant of the MyFirefox manifest with the per-application Extensions
     list emptied; the report says this one loads without the 0x80080204
     error. The Application entry is still declared appContainer/appSilo. -->
<Package xmlns="http://schemas.microsoft.com/appx/manifest/foundation/windows10" xmlns:previewsecurity2="http://schemas.microsoft.com/appx/manifest/preview/windows10/security/2" xmlns:uap="http://schemas.microsoft.com/appx/manifest/uap/windows10" xmlns:uap2="http://schemas.microsoft.com/appx/manifest/uap/windows10/2" xmlns:uap3="http://schemas.microsoft.com/appx/manifest/uap/windows10/3" xmlns:uap10="http://schemas.microsoft.com/appx/manifest/uap/windows10/10" xmlns:desktop7="http://schemas.microsoft.com/appx/manifest/desktop/windows10/7" xmlns:rescap="http://schemas.microsoft.com/appx/manifest/foundation/windows10/restrictedcapabilities" xmlns:com="http://schemas.microsoft.com/appx/manifest/com/windows10" IgnorableNamespaces="uap uap2 uap3 uap10 desktop7 rescap com previewsecurity2">
  <!--Package created by MSIX Packaging Tool version: 1.2023.517.0-->
  <Identity Name="MyFirefox" Publisher="CN=Contoso Software, O=Contoso Corporation, C=US" Version="1.0.0.0" ProcessorArchitecture="x64" />
  <Properties>
    <DisplayName>MyFirefox</DisplayName>
    <PublisherDisplayName>MyFirefox</PublisherDisplayName>
    <Description>None</Description>
    <Logo>Assets\StoreLogo.png</Logo>
    <!-- Turns package content integrity enforcement on for this package. -->
    <uap10:PackageIntegrity>
      <uap10:Content Enforcement="on" />
    </uap10:PackageIntegrity>
  </Properties>
  <Resources>
    <Resource Language="en-us" />
  </Resources>
  <Dependencies>
    <TargetDeviceFamily Name="Windows.Desktop" MinVersion="10.0.25357.0" MaxVersionTested="10.0.25357.0" />
  </Dependencies>
  <Applications>
    <!-- uap10:TrustLevel="appContainer" together with
         previewsecurity2:RuntimeBehavior="appSilo" is what requests Win32 app
         isolation for firefox.exe. -->
    <Application Id="FIREFOX" Executable="VFS\ProgramFilesX64\Mozilla Firefox\firefox.exe" uap10:TrustLevel="appContainer" previewsecurity2:RuntimeBehavior="appSilo">
      <uap:VisualElements BackgroundColor="transparent" DisplayName="Firefox" Square150x150Logo="Assets\FIREFOX-Square150x150Logo.png" Square44x44Logo="Assets\FIREFOX-Square44x44Logo.png" Description="Firefox">
        <uap:DefaultTile Wide310x150Logo="Assets\FIREFOX-Wide310x150Logo.png" Square310x310Logo="Assets\FIREFOX-Square310x310Logo.png" Square71x71Logo="Assets\FIREFOX-Square71x71Logo.png" />
      </uap:VisualElements>
      <!-- Left empty on purpose: with no shortcut, file type association or
           protocol handler declared here, the package registers none of
           those integration points for firefox.exe. -->
      <Extensions>
      </Extensions>
    </Application>
  </Applications>
  <!-- Package-level COM proxy/stub registration, kept unchanged in this
       variant. -->
  <Extensions>
    <com:Extension Category="windows.comInterface">
      <com:ComInterface>
        <com:ProxyStub Id="1814ceeb-49e2-407f-af99-fa755a7d2607" Path="VFS\ProgramFilesX64\Mozilla Firefox\AccessibleMarshal.dll" DisplayName="PSFactoryBuffer" />
        <com:Interface Id="4e747be5-2052-4265-8af0-8ecad7aad1c0" ProxyStubClsid="1814ceeb-49e2-407f-af99-fa755a7d2607" />
        <com:Interface Id="1814ceeb-49e2-407f-af99-fa755a7d2607" ProxyStubClsid="1814ceeb-49e2-407f-af99-fa755a7d2607" />
        <com:Interface Id="0d68d6d0-d93d-4d08-a30d-f00dd1f45b24" ProxyStubClsid="1814ceeb-49e2-407f-af99-fa755a7d2607" />
      </com:ComInterface>
    </com:Extension>
  </Extensions>
  <Capabilities>
    <!-- NOTE(review): runFullTrust is a restricted capability and sits next to
         an Application entry declared as appContainer/appSilo. Confirm
         whether an isolated package still needs it. -->
    <rescap:Capability Name="runFullTrust" />
  </Capabilities>
</Package>

Kind regards.

lilybarkley-msft commented 5 months ago

Hi HashidaTKS! All of the extensions in your manifest should be supported, can you try narrowing down which extension type is causing the issue?

HashidaTKS commented 4 months ago

Hi lilybarkley-msft, thank you for your reply.

All of the extensions in your manifest should be supported, can you try narrowing down which extension type is causing the issue?

I have tested it. The error occurs whenever Extensions contains even one Extension, regardless of the Extension's type.