AppContainer Integrity Level

↘锁芯ラ posted on 2020-01-16 05:32:07

Question


I'm currently trying to understand the mechanics behind the AppContainer that is used to sandbox WinRT applications. I've understood that AppContainers have their own integrity level, which blocks any read and write attempts to assets with a higher integrity level. But why can't those apps then access the data of other apps running within the same integrity level?

And how does the access to objects work when the app got the corresponding capability? I assume for example, that the camera is not tagged with the "appcontainer" integrity level. Therefore any access to it by an app running in an appcontainer should be directly blocked. But it's possible to declare the camera capability and the app will be able to access the camera. How is this possible? Can the capabilities that are denoted in the SID somehow "extend" the integrity level of an app?

Thanks in advance!


Answer 1:


But it's possible to declare the camera capability and the app will be able to access the camera. How is this possible? Can the capabilities that are denoted in the SID somehow "extend" the integrity level of an app?

According to the blog Windows 8 App Container Security Notes - Part 1, there are 2 sets of SID constants: App Container SID Constants and Capability SID Constants. These define if the resulting SID will have the capabilities such as being an Internet Client, Server (or both), access to Pictures, Music, Documents, Shared Certificates or Removable Storage.
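As an added illustration (not part of the original answer or the cited blog), this Python sketch decodes binary SIDs and sorts them into the two sets the answer names, and shows that the integrity label is a separate SID (S-1-16-x). The prefixes and built-in capability RIDs are the winnt.h values; the helper names and sample SIDs are constructed for the example.

```python
import struct

APP_PACKAGE_AUTHORITY = 15   # SECURITY_APP_PACKAGE_AUTHORITY -> S-1-15-...
INTEGRITY_AUTHORITY = 16     # SECURITY_MANDATORY_LABEL_AUTHORITY -> S-1-16-...
PACKAGE_BASE_RID, CAPABILITY_BASE_RID = 2, 3   # S-1-15-2-... / S-1-15-3-...
# Built-in capability RIDs (winnt.h) for the capabilities the answer lists.
CAPABILITIES = {1: "internetClient", 2: "internetClientServer",
                4: "picturesLibrary", 6: "musicLibrary", 7: "documentsLibrary",
                9: "sharedUserCertificates", 10: "removableStorage"}

def parse_sid(blob):
    """Decode a binary SID into (authority, [sub-authorities])."""
    # Header: revision (1 byte), sub-authority count (1 byte), authority (6 bytes).
    if (len(blob) < 8 or blob[0] != 1 or blob[1] > 15
            or len(blob) != 8 + 4 * blob[1]):
        raise ValueError("malformed SID")
    authority = int.from_bytes(blob[2:8], "big")              # 48-bit, big-endian
    subs = list(struct.unpack("<%dI" % blob[1], blob[8:]))    # 32-bit, little-endian
    return authority, subs

def sid_to_string(blob):
    authority, subs = parse_sid(blob)
    return "-".join(["S-1", str(authority)] + [str(s) for s in subs])

def classify(blob):
    """Say which set of constants a SID belongs to."""
    authority, subs = parse_sid(blob)
    if authority == INTEGRITY_AUTHORITY:
        return "integrity label"
    if authority != APP_PACKAGE_AUTHORITY or not subs:
        return "other"
    if subs[0] == PACKAGE_BASE_RID:
        return "ALL APPLICATION PACKAGES" if subs == [2, 1] else "app container SID"
    if subs[0] == CAPABILITY_BASE_RID and len(subs) == 2:
        return "capability: " + CAPABILITIES.get(subs[1], "built-in RID %d" % subs[1])
    if subs[0] == CAPABILITY_BASE_RID:
        return "capability: not one of the built-in constants"
    return "other"

def make_sid(authority, *subs):
    """Build a binary SID; used only to construct the sample inputs below."""
    return (bytes([1, len(subs)]) + authority.to_bytes(6, "big")
            + struct.pack("<%dI" % len(subs), *subs))

# Constructed samples; the package SID's seven hash values are made up.
SAMPLES = [make_sid(15, 3, 1), make_sid(15, 3, 4),
           make_sid(15, 2, 11, 22, 33, 44, 55, 66, 77), make_sid(16, 4096)]

if __name__ == "__main__":
    for sid in SAMPLES:
        print(sid_to_string(sid), "->", classify(sid))
```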



Source: https://stackoverflow.com/questions/29611047/appcontainer-integrity-level
