AppContainer 完整性级别 [英] AppContainer Integrity Level
问题描述
我目前正在尝试了解用于沙盒 WinRT 应用程序的 AppContainer 背后的机制.我知道 AppContainers 有自己的完整性级别,可以阻止对具有更高完整性级别的资产进行任何读写尝试.但是为什么这些应用不能访问以相同完整性级别运行的其他应用的数据?
I'm currently trying to understand the mechanics behind the AppContainer that is used to sandbox WinRT applications. I've understood that AppContainers have their own integrity level, that blocks any read and write attempts to assets with a higher integrity level. But why can't those apps then don't access the data of other apps running with in the same integrity level?
当应用获得相应的能力时,对对象的访问是如何工作的?例如,我假设相机没有标记appcontainer"完整性级别.因此,应直接阻止在应用程序容器中运行的应用程序对其的任何访问.但是可以声明相机功能并且应用程序将能够访问相机.这怎么可能?SID 中表示的功能能否以某种方式扩展"应用程序的完整性级别?
And how does the access to objects work when the app got the corresponding capability? I assume for example, that the camera is not tagged with the "appcontainer" integrity level. Therefore any access to it by an app running in an appcontainer should be directly blocked. But it's possible to declare the camera capability and the app will be able to access the camera. How is this possible? Can the capabilities that are denoted in the SID somehow "extend" the integrity level of an app?
提前致谢!
推荐答案
但是可以声明相机功能并且应用程序将能够访问相机.这怎么可能?能力是否可以在 SID 中表示的以某种方式扩展"了一个的完整性级别应用程序?
But it's possible to declare the camera capability and the app will be able to access the camera. How is this possible? Can the capabilities that are denoted in the SID somehow "extend" the integrity level of an app?
根据博客 Windows 8 App Container安全说明 - 第 1 部分.有 2 组 SID 常量:App Container SID 常量和 Capability SID 常量.这些定义了生成的 SID 是否具有作为 Internet 客户端、服务器(或两者)、访问图片、音乐、文档、共享证书或可移动存储等功能.
According to the blog Windows 8 App Container Security Notes - Part 1. There are 2 sets of SID constants: App Container SID Constants and Capability SID Constants. These define if the resulting SID will have the capabilities such as being an Internet Client, Server (or both), access to Pictures, Music, Documents, Shared Certificates or Removable Storage.
这篇关于AppContainer 完整性级别的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
