From 9f8fb4c9bc8dd30f83e6368bdcd17d90db27c45c Mon Sep 17 00:00:00 2001 From: Paul Yim <47547007+PaulJYim@users.noreply.github.com> Date: Fri, 31 Mar 2023 16:12:24 -0700 Subject: [PATCH] Support to Bypass Store Client App Policy When Called Through COM (#3105) --- doc/specs/#888 - Com Api.md | 2 ++ src/AppInstallerCLICore/ExecutionContext.h | 1 + .../Workflows/MSStoreInstallerHandler.cpp | 5 +++-- src/Microsoft.Management.Deployment/InstallOptions.cpp | 8 ++++++++ src/Microsoft.Management.Deployment/InstallOptions.h | 3 +++ src/Microsoft.Management.Deployment/PackageManager.cpp | 6 ++++++ src/Microsoft.Management.Deployment/PackageManager.idl | 3 +++ 7 files changed, 26 insertions(+), 2 deletions(-) diff --git a/doc/specs/#888 - Com Api.md b/doc/specs/#888 - Com Api.md index 35123edd20..abf6236649 100644 --- a/doc/specs/#888 - Com Api.md +++ b/doc/specs/#888 - Com Api.md @@ -802,6 +802,8 @@ namespace Microsoft.Management.Deployment String LogOutputPath; /// Continues the install even if the hash in the catalog does not match the linked installer. Boolean AllowHashMismatch; + /// Allows Store installs when Store Client is disabled. + Boolean BypassIsStoreClientBlockedPolicyCheck; /// A string that will be passed to the installer. /// IMPLEMENTATION NOTE: maps to "--override" in the winget cmd line String ReplacementInstallerArguments; diff --git a/src/AppInstallerCLICore/ExecutionContext.h b/src/AppInstallerCLICore/ExecutionContext.h index 9255289269..23658fe495 100644 --- a/src/AppInstallerCLICore/ExecutionContext.h +++ b/src/AppInstallerCLICore/ExecutionContext.h @@ -64,6 +64,7 @@ namespace AppInstaller::CLI::Execution TreatSourceFailuresAsWarning = 0x8, ShowSearchResultsOnPartialFailure = 0x10, DisableInteractivity = 0x40, + BypassIsStoreClientBlockedPolicyCheck = 0x80, }; DEFINE_ENUM_FLAG_OPERATORS(ContextFlag); diff --git a/src/AppInstallerCLICore/Workflows/MSStoreInstallerHandler.cpp b/src/AppInstallerCLICore/Workflows/MSStoreInstallerHandler.cpp index e6ccc228a1..a4df6a873a 100644 --- a/src/AppInstallerCLICore/Workflows/MSStoreInstallerHandler.cpp +++ b/src/AppInstallerCLICore/Workflows/MSStoreInstallerHandler.cpp @@ -248,8 +248,9 @@ namespace AppInstaller::CLI::Workflow constexpr std::wstring_view s_StoreClientPublisher = L"CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US"sv; // Policy check - AppInstallManager installManager; - if (installManager.IsStoreBlockedByPolicyAsync(s_StoreClientName, s_StoreClientPublisher).get()) + AppInstallManager installManager; + + if (!WI_IsFlagSet(context.GetFlags(), Execution::ContextFlag::BypassIsStoreClientBlockedPolicyCheck) && installManager.IsStoreBlockedByPolicyAsync(s_StoreClientName, s_StoreClientPublisher).get()) { context.Reporter.Error() << Resource::String::MSStoreStoreClientBlocked << std::endl; AICLI_LOG(CLI, Error, << "Store client is blocked by policy. MSStore execution failed."); diff --git a/src/Microsoft.Management.Deployment/InstallOptions.cpp b/src/Microsoft.Management.Deployment/InstallOptions.cpp index 46f3e64707..2f62add6d3 100644 --- a/src/Microsoft.Management.Deployment/InstallOptions.cpp +++ b/src/Microsoft.Management.Deployment/InstallOptions.cpp @@ -76,6 +76,14 @@ namespace winrt::Microsoft::Management::Deployment::implementation { m_allowHashMismatch = value; } + bool InstallOptions::BypassIsStoreClientBlockedPolicyCheck() + { + return m_bypassIsStoreClientBlockedPolicyCheck; + } + void InstallOptions::BypassIsStoreClientBlockedPolicyCheck(bool value) + { + m_bypassIsStoreClientBlockedPolicyCheck = value; + } hstring InstallOptions::ReplacementInstallerArguments() { return hstring(m_replacementInstallerArguments); diff --git a/src/Microsoft.Management.Deployment/InstallOptions.h b/src/Microsoft.Management.Deployment/InstallOptions.h index 0433fb3254..37c91b4c4c 100644 --- a/src/Microsoft.Management.Deployment/InstallOptions.h +++ b/src/Microsoft.Management.Deployment/InstallOptions.h @@ -23,6 +23,8 @@ namespace winrt::Microsoft::Management::Deployment::implementation void LogOutputPath(hstring const& value); bool AllowHashMismatch(); void AllowHashMismatch(bool value); + bool BypassIsStoreClientBlockedPolicyCheck(); + void BypassIsStoreClientBlockedPolicyCheck(bool value); hstring ReplacementInstallerArguments(); void ReplacementInstallerArguments(hstring const& value); hstring AdditionalInstallerArguments(); @@ -47,6 +49,7 @@ namespace winrt::Microsoft::Management::Deployment::implementation winrt::Microsoft::Management::Deployment::PackageInstallMode m_packageInstallMode = winrt::Microsoft::Management::Deployment::PackageInstallMode::Default; std::wstring m_logOutputPath = L""; bool m_allowHashMismatch = false; + bool m_bypassIsStoreClientBlockedPolicyCheck = false; std::wstring m_replacementInstallerArguments = L""; std::wstring m_additionalInstallerArguments = L""; std::wstring m_correlationData = L""; diff --git a/src/Microsoft.Management.Deployment/PackageManager.cpp b/src/Microsoft.Management.Deployment/PackageManager.cpp index abde649745..52193b43f9 100644 --- a/src/Microsoft.Management.Deployment/PackageManager.cpp +++ b/src/Microsoft.Management.Deployment/PackageManager.cpp @@ -337,6 +337,12 @@ namespace winrt::Microsoft::Management::Deployment::implementation { context->Args.AddArg(Execution::Args::Type::HashOverride); } + + if (options.BypassIsStoreClientBlockedPolicyCheck()) + { + context->SetFlags(Execution::ContextFlag::BypassIsStoreClientBlockedPolicyCheck); + } + if (options.Force()) { context->Args.AddArg(Execution::Args::Type::Force); diff --git a/src/Microsoft.Management.Deployment/PackageManager.idl b/src/Microsoft.Management.Deployment/PackageManager.idl index c363db4b2d..58d42748cc 100644 --- a/src/Microsoft.Management.Deployment/PackageManager.idl +++ b/src/Microsoft.Management.Deployment/PackageManager.idl @@ -817,6 +817,9 @@ namespace Microsoft.Management.Deployment /// Accept the package agreements required for installation. Boolean AcceptPackageAgreements; + + /// Bypasses the Disabled Store Policy + Boolean BypassIsStoreClientBlockedPolicyCheck; } }