none
[UWP]Add restricted capability runFullTrust in Package.appxmanifest cause App permissions disappear in App settings

    Question

  • Hi,

    As title, if I add runFullTrust capability in Package.appxmanifest,

    then "App permissions" area disappear in my App settings (Start Menu-> right click my app -> More -> App Settings),

    my capability config in Package.appxmanifest:

    <Package xmlns="http://schemas.microsoft.com/appx/manifest/foundation/windows10"
             xmlns:mp="http://schemas.microsoft.com/appx/2014/phone/manifest"
             xmlns:uap="http://schemas.microsoft.com/appx/manifest/uap/windows10"
             xmlns:rescap="http://schemas.microsoft.com/appx/manifest/foundation/windows10/restrictedcapabilities"
             IgnorableNamespaces="uap mp rescap">
    
      ...
    
      <Capabilities>
        <Capability Name="internetClient" />
        <uap:Capability Name="videosLibrary" />
        <uap:Capability Name="picturesLibrary" />
    <rescap:Capability Name="runFullTrust" />
    <rescap:Capability Name="appDiagnostics" /> </Capabilities> </Package>

    if remove <rescap:Capability Name="runFullTrust" />, will see the App permissions area normally.

    see screenshot:

    result of after add runFullTrust and before add runFullTrust

    How can I fix it? Or this is a bug?

    OS version: Windows 10, 1803 (17134.441)

    Thanks




    Thursday, December 6, 2018 11:14 AM

Answers

  • Hi,

    For that situation, I think you need to guide the customers to each privacy settings. Tell the customers if you want to enable or disable this permission, you could click this button then launch the setting page for the customers after button click. Pointer them directly to each privacy settings will make the customers more clear.

    Best regards,

    Roy


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    • Marked as answer by Emmett Tsai Wednesday, December 12, 2018 2:18 PM
    Tuesday, December 11, 2018 10:00 AM
    Moderator

All replies

  • Hi,

    I could reproduce this behavior, I need to confirm this with the team to see if this is expected. There might be some time delay.

    Best regards,

    Roy


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Friday, December 7, 2018 6:13 AM
    Moderator
  • Hi,

    Sorry for the delay.

    This behavior is by design. The runFullTrust capability will make the app has full access to the resources on the user's machine and it will negate the individual permissions. So the App permissions will disapper. You should not enable full trust unless there is a specific reason for it. 

    Best regards,

    Roy


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Monday, December 10, 2018 6:52 AM
    Moderator
  • Hi Roy,
    Thank you for confirm and reply.

    I reference to the DesktopBridgetoUWP sample and documents, runFullTrust is use for call a win32 exe.
    In my situation the exe is release from other people (I have no source).

    When I declare runFullTrust capability. Some privacy still need user to grant permission in UWP code.
    For example, I want to use AppDiagnosticInfo::RequestInfoAsync() to
    detect the Calculate App is running to decide whether to run the win32 exe.

    First time call AppDiagnosticInfo::RequestAccessAsync() / AppDiagnosticInfo::RequestInfoAsync()
    will popup a dialog to ask user to grant app diagnostics permission.

    If user say NO at first time, the dialog will not popup again when later call AppDiagnosticInfo api,
    and hence my UWP app no permission to access app diagnostics.

    However, I later found that I can find switch for my app in each privacy settings page respective.
    I can launch settings via uri: ms-settings:privacy-videos, ms-settings:privacy-backgroundapps, ... .

    But in the privacy settings page, will show all not only my app which use the privacy. So,
    I worry about that user will confuse which app they need to turn on.

    Emmett



    • Edited by Emmett Tsai Monday, December 10, 2018 5:03 PM
    Monday, December 10, 2018 5:01 PM
  • Hi,

    For that situation, I think you need to guide the customers to each privacy settings. Tell the customers if you want to enable or disable this permission, you could click this button then launch the setting page for the customers after button click. Pointer them directly to each privacy settings will make the customers more clear.

    Best regards,

    Roy


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    • Marked as answer by Emmett Tsai Wednesday, December 12, 2018 2:18 PM
    Tuesday, December 11, 2018 10:00 AM
    Moderator
  • Hi Roy,

    I understand, Thank you.

    Emmett

    Wednesday, December 12, 2018 2:17 PM