From 034c143cc41d208662823f9bdc7ac22477b4d6cc Mon Sep 17 00:00:00 2001 From: yao-msft <50888816+yao-msft@users.noreply.github.com> Date: Tue, 17 Jan 2023 11:01:25 -0800 Subject: [PATCH] Block msix provisioning api calls where known OS bugs exist (#2855) --- .../Workflows/InstallFlow.cpp | 14 +++++++++- .../Workflows/MSStoreInstallerHandler.cpp | 27 ++++++++++++++++--- .../Workflows/UninstallFlow.cpp | 14 +++++++++- 3 files changed, 50 insertions(+), 5 deletions(-) diff --git a/src/AppInstallerCLICore/Workflows/InstallFlow.cpp b/src/AppInstallerCLICore/Workflows/InstallFlow.cpp index c1c4f73882..5918a284ee 100644 --- a/src/AppInstallerCLICore/Workflows/InstallFlow.cpp +++ b/src/AppInstallerCLICore/Workflows/InstallFlow.cpp @@ -363,6 +363,18 @@ namespace AppInstaller::CLI::Workflow uri = context.Get()->Url; } + bool isMachineScope = Manifest::ConvertToScopeEnum(context.Args.GetArg(Execution::Args::Type::InstallScope)) == Manifest::ScopeEnum::Machine; + + // TODO: There was a bug in deployment api if provision api was called in packaged context. + // Remove this check when the OS bug is fixed and back ported. + if (isMachineScope && Runtime::IsRunningInPackagedContext()) + { + context.Reporter.Error() << Resource::String::InstallFlowReturnCodeSystemNotSupported << std::endl; + context.Add(static_cast(APPINSTALLER_CLI_ERROR_INSTALL_SYSTEM_NOT_SUPPORTED)); + AICLI_LOG(CLI, Error, << "Device wide install for msix type is not supported in packaged context."); + AICLI_TERMINATE_CONTEXT(APPINSTALLER_CLI_ERROR_INSTALL_SYSTEM_NOT_SUPPORTED); + } + context.Reporter.Info() << Resource::String::InstallFlowStartingPackageInstall << std::endl; bool registrationDeferred = false; @@ -371,7 +383,7 @@ namespace AppInstaller::CLI::Workflow { registrationDeferred = context.Reporter.ExecuteWithProgress([&](IProgressCallback& callback) { - if (Manifest::ConvertToScopeEnum(context.Args.GetArg(Execution::Args::Type::InstallScope)) == Manifest::ScopeEnum::Machine) + if (isMachineScope) { return Deployment::AddPackageMachineScope(uri, callback); } diff --git a/src/AppInstallerCLICore/Workflows/MSStoreInstallerHandler.cpp b/src/AppInstallerCLICore/Workflows/MSStoreInstallerHandler.cpp index 78f8156410..7720bede8b 100644 --- a/src/AppInstallerCLICore/Workflows/MSStoreInstallerHandler.cpp +++ b/src/AppInstallerCLICore/Workflows/MSStoreInstallerHandler.cpp @@ -85,13 +85,23 @@ namespace AppInstaller::CLI::Workflow // Verifying/Acquiring product ownership context.Reporter.Info() << Resource::String::MSStoreInstallTryGetEntitlement << std::endl; - AICLI_LOG(CLI, Info, << "Get user entitlement."); - GetEntitlementResult result = installManager.GetFreeUserEntitlementAsync(productId, winrt::hstring(), winrt::hstring()).get(); - if (result.Status() == GetEntitlementStatus::NoStoreAccount) + GetEntitlementResult result{ nullptr }; + + if (Manifest::ConvertToScopeEnum(context.Args.GetArg(Execution::Args::Type::InstallScope)) == Manifest::ScopeEnum::Machine) { AICLI_LOG(CLI, Info, << "Get device entitlement."); result = installManager.GetFreeDeviceEntitlementAsync(productId, winrt::hstring(), winrt::hstring()).get(); } + else + { + AICLI_LOG(CLI, Info, << "Get user entitlement."); + result = installManager.GetFreeUserEntitlementAsync(productId, winrt::hstring(), winrt::hstring()).get(); + if (result.Status() == GetEntitlementStatus::NoStoreAccount) + { + AICLI_LOG(CLI, Info, << "Get device entitlement."); + result = installManager.GetFreeDeviceEntitlementAsync(productId, winrt::hstring(), winrt::hstring()).get(); + } + } if (result.Status() == GetEntitlementStatus::Succeeded) { @@ -143,6 +153,17 @@ namespace AppInstaller::CLI::Workflow if (Manifest::ConvertToScopeEnum(context.Args.GetArg(Execution::Args::Type::InstallScope)) == Manifest::ScopeEnum::Machine) { + // TODO: There was a bug in InstallService where admin user is incorrectly identified as not admin, + // causing false access denied on many OS versions. + // Remove this check when the OS bug is fixed and back ported. + if (!Runtime::IsRunningAsSystem()) + { + context.Reporter.Error() << Resource::String::InstallFlowReturnCodeSystemNotSupported << std::endl; + context.Add(static_cast(APPINSTALLER_CLI_ERROR_INSTALL_SYSTEM_NOT_SUPPORTED)); + AICLI_LOG(CLI, Error, << "Device wide install for msstore type is not supported under admin context."); + AICLI_TERMINATE_CONTEXT(APPINSTALLER_CLI_ERROR_INSTALL_SYSTEM_NOT_SUPPORTED); + } + installOptions.InstallForAllUsers(true); } diff --git a/src/AppInstallerCLICore/Workflows/UninstallFlow.cpp b/src/AppInstallerCLICore/Workflows/UninstallFlow.cpp index f049a20094..5b82479033 100644 --- a/src/AppInstallerCLICore/Workflows/UninstallFlow.cpp +++ b/src/AppInstallerCLICore/Workflows/UninstallFlow.cpp @@ -188,6 +188,18 @@ namespace AppInstaller::CLI::Workflow void MsixUninstall(Execution::Context& context) { + bool isMachineScope = Manifest::ConvertToScopeEnum(context.Args.GetArg(Execution::Args::Type::InstallScope)) == Manifest::ScopeEnum::Machine; + + // TODO: There was a bug in deployment api if deprovision api was called in packaged context. + // Remove this check when the OS bug is fixed and back ported. + if (isMachineScope && Runtime::IsRunningInPackagedContext()) + { + context.Reporter.Error() << Resource::String::InstallFlowReturnCodeSystemNotSupported << std::endl; + context.Add(static_cast(APPINSTALLER_CLI_ERROR_INSTALL_SYSTEM_NOT_SUPPORTED)); + AICLI_LOG(CLI, Error, << "Device wide uninstall for msix type is not supported in packaged context."); + AICLI_TERMINATE_CONTEXT(APPINSTALLER_CLI_ERROR_INSTALL_SYSTEM_NOT_SUPPORTED); + } + const auto& packageFamilyNames = context.Get(); context.Reporter.Info() << Resource::String::UninstallFlowStartingPackageUninstall << std::endl; @@ -203,7 +215,7 @@ namespace AppInstaller::CLI::Workflow AICLI_LOG(CLI, Info, << "Removing MSIX package: " << packageFullName.value()); try { - if (Manifest::ConvertToScopeEnum(context.Args.GetArg(Execution::Args::Type::InstallScope)) == Manifest::ScopeEnum::Machine) + if (isMachineScope) { context.Reporter.ExecuteWithProgress(std::bind(Deployment::RemovePackageMachineScope, packageFamilyName, packageFullName.value(), std::placeholders::_1)); }