Skip to content

Commit

Permalink
Block msix provisioning api calls where known OS bugs exist (#2855)
Browse files Browse the repository at this point in the history
  • Loading branch information
yao-msft authored Jan 17, 2023
1 parent 76332f8 commit 6683dbe
Show file tree
Hide file tree
Showing 3 changed files with 50 additions and 5 deletions.
14 changes: 13 additions & 1 deletion src/AppInstallerCLICore/Workflows/InstallFlow.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -364,6 +364,18 @@ namespace AppInstaller::CLI::Workflow
uri = context.Get<Execution::Data::Installer>()->Url;
}

bool isMachineScope = Manifest::ConvertToScopeEnum(context.Args.GetArg(Execution::Args::Type::InstallScope)) == Manifest::ScopeEnum::Machine;

// TODO: There was a bug in deployment api if provision api was called in packaged context.
// Remove this check when the OS bug is fixed and back ported.
if (isMachineScope && Runtime::IsRunningInPackagedContext())
{
context.Reporter.Error() << Resource::String::InstallFlowReturnCodeSystemNotSupported << std::endl;
context.Add<Execution::Data::OperationReturnCode>(static_cast<DWORD>(APPINSTALLER_CLI_ERROR_INSTALL_SYSTEM_NOT_SUPPORTED));
AICLI_LOG(CLI, Error, << "Device wide install for msix type is not supported in packaged context.");
AICLI_TERMINATE_CONTEXT(APPINSTALLER_CLI_ERROR_INSTALL_SYSTEM_NOT_SUPPORTED);
}

context.Reporter.Info() << Resource::String::InstallFlowStartingPackageInstall << std::endl;

bool registrationDeferred = false;
Expand All @@ -372,7 +384,7 @@ namespace AppInstaller::CLI::Workflow
{
registrationDeferred = context.Reporter.ExecuteWithProgress([&](IProgressCallback& callback)
{
if (Manifest::ConvertToScopeEnum(context.Args.GetArg(Execution::Args::Type::InstallScope)) == Manifest::ScopeEnum::Machine)
if (isMachineScope)
{
return Deployment::AddPackageMachineScope(uri, callback);
}
Expand Down
27 changes: 24 additions & 3 deletions src/AppInstallerCLICore/Workflows/MSStoreInstallerHandler.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -85,13 +85,23 @@ namespace AppInstaller::CLI::Workflow
// Verifying/Acquiring product ownership
context.Reporter.Info() << Resource::String::MSStoreInstallTryGetEntitlement << std::endl;

AICLI_LOG(CLI, Info, << "Get user entitlement.");
GetEntitlementResult result = installManager.GetFreeUserEntitlementAsync(productId, winrt::hstring(), winrt::hstring()).get();
if (result.Status() == GetEntitlementStatus::NoStoreAccount)
GetEntitlementResult result{ nullptr };

if (Manifest::ConvertToScopeEnum(context.Args.GetArg(Execution::Args::Type::InstallScope)) == Manifest::ScopeEnum::Machine)
{
AICLI_LOG(CLI, Info, << "Get device entitlement.");
result = installManager.GetFreeDeviceEntitlementAsync(productId, winrt::hstring(), winrt::hstring()).get();
}
else
{
AICLI_LOG(CLI, Info, << "Get user entitlement.");
result = installManager.GetFreeUserEntitlementAsync(productId, winrt::hstring(), winrt::hstring()).get();
if (result.Status() == GetEntitlementStatus::NoStoreAccount)
{
AICLI_LOG(CLI, Info, << "Get device entitlement.");
result = installManager.GetFreeDeviceEntitlementAsync(productId, winrt::hstring(), winrt::hstring()).get();
}
}

if (result.Status() == GetEntitlementStatus::Succeeded)
{
Expand Down Expand Up @@ -143,6 +153,17 @@ namespace AppInstaller::CLI::Workflow

if (Manifest::ConvertToScopeEnum(context.Args.GetArg(Execution::Args::Type::InstallScope)) == Manifest::ScopeEnum::Machine)
{
// TODO: There was a bug in InstallService where admin user is incorrectly identified as not admin,
// causing false access denied on many OS versions.
// Remove this check when the OS bug is fixed and back ported.
if (!Runtime::IsRunningAsSystem())
{
context.Reporter.Error() << Resource::String::InstallFlowReturnCodeSystemNotSupported << std::endl;
context.Add<Execution::Data::OperationReturnCode>(static_cast<DWORD>(APPINSTALLER_CLI_ERROR_INSTALL_SYSTEM_NOT_SUPPORTED));
AICLI_LOG(CLI, Error, << "Device wide install for msstore type is not supported under admin context.");
AICLI_TERMINATE_CONTEXT(APPINSTALLER_CLI_ERROR_INSTALL_SYSTEM_NOT_SUPPORTED);
}

installOptions.InstallForAllUsers(true);
}

Expand Down
14 changes: 13 additions & 1 deletion src/AppInstallerCLICore/Workflows/UninstallFlow.cpp
Original file line number Diff line number Diff line change
Expand Up @@ -188,6 +188,18 @@ namespace AppInstaller::CLI::Workflow

void MsixUninstall(Execution::Context& context)
{
bool isMachineScope = Manifest::ConvertToScopeEnum(context.Args.GetArg(Execution::Args::Type::InstallScope)) == Manifest::ScopeEnum::Machine;

// TODO: There was a bug in deployment api if deprovision api was called in packaged context.
// Remove this check when the OS bug is fixed and back ported.
if (isMachineScope && Runtime::IsRunningInPackagedContext())
{
context.Reporter.Error() << Resource::String::InstallFlowReturnCodeSystemNotSupported << std::endl;
context.Add<Execution::Data::OperationReturnCode>(static_cast<DWORD>(APPINSTALLER_CLI_ERROR_INSTALL_SYSTEM_NOT_SUPPORTED));
AICLI_LOG(CLI, Error, << "Device wide uninstall for msix type is not supported in packaged context.");
AICLI_TERMINATE_CONTEXT(APPINSTALLER_CLI_ERROR_INSTALL_SYSTEM_NOT_SUPPORTED);
}

const auto& packageFamilyNames = context.Get<Execution::Data::PackageFamilyNames>();
context.Reporter.Info() << Resource::String::UninstallFlowStartingPackageUninstall << std::endl;

Expand All @@ -203,7 +215,7 @@ namespace AppInstaller::CLI::Workflow
AICLI_LOG(CLI, Info, << "Removing MSIX package: " << packageFullName.value());
try
{
if (Manifest::ConvertToScopeEnum(context.Args.GetArg(Execution::Args::Type::InstallScope)) == Manifest::ScopeEnum::Machine)
if (isMachineScope)
{
context.Reporter.ExecuteWithProgress(std::bind(Deployment::RemovePackageMachineScope, packageFamilyName, packageFullName.value(), std::placeholders::_1));
}
Expand Down

0 comments on commit 6683dbe

Please sign in to comment.