AppContainer Integrity Level


I'm currently trying to understand the mechanics behind the AppContainer that is used to sandbox WinRT applications. I've understood that AppContainers have their own integrity level, which blocks any read and write attempts to assets with a higher integrity level. But why, then, can't those apps access the data of other apps running within the same integrity level?

And how does access to objects work when the app has the corresponding capability? I assume, for example, that the camera is not tagged with the "appcontainer" integrity level. Therefore any access to it by an app running in an AppContainer should be directly blocked. But it's possible to declare the camera capability and the app will be able to access the camera. How is this possible? Can the capabilities that are denoted in the SID somehow "extend" the integrity level of an app?

Thanks in advance!


There are 1 best solutions below


> But it's possible to declare the camera capability and the app will be able to access the camera. How is this possible? Can the capabilities that are denoted in the SID somehow "extend" the integrity level of an app?

According to the blog Windows 8 App Container Security Notes - Part 1, there are 2 sets of SID constants: App Container SID Constants and Capability SID Constants. These define whether the resulting SID will have capabilities such as being an Internet Client, Server (or both), or access to Pictures, Music, Documents, Shared Certificates or Removable Storage.
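
An added example, not part of the original answer or the cited blog: a simplified Python model of how an AppContainer token is checked against an object's DACL. It shows that capability SIDs act as extra identities an ACE can grant to rather than raising the integrity level, and that two apps at the same integrity level still carry different package SIDs. The user and package SIDs, access masks and DACLs are constructed for illustration.

```python
# Added example: simplified model of the second DACL pass Windows runs for
# AppContainer (lowbox) tokens. Deny ACEs, inheritance and mandatory
# integrity labels are left out; access masks and sample SIDs are constructed.
from dataclasses import dataclass
from typing import Optional

READ, WRITE = 0x1, 0x2                      # constructed masks, not winnt.h values
ALL_APPLICATION_PACKAGES = "S-1-15-2-1"     # well-known SID
CAPABILITY_SIDS = {                         # well-known S-1-15-3-<RID> values
    "internetClient": "S-1-15-3-1",
    "internetClientServer": "S-1-15-3-2",
    "picturesLibrary": "S-1-15-3-4",
    "musicLibrary": "S-1-15-3-6",
    "documentsLibrary": "S-1-15-3-7",
    "sharedUserCertificates": "S-1-15-3-9",
    "removableStorage": "S-1-15-3-10",
}

@dataclass(frozen=True)
class Token:
    user_sid: str
    package_sid: Optional[str] = None       # None means not an AppContainer
    capabilities: frozenset = frozenset()   # capability names from the manifest

def _granted(dacl, sids, wanted):
    """True if allow ACEs for any SID in `sids` together cover `wanted`."""
    mask = 0
    for sid, allow in dacl:
        if sid in sids:
            mask |= allow
    return (mask & wanted) == wanted

def access_check(token, dacl, wanted):
    # Pass 1: the ordinary check against the user's identity.
    if not _granted(dacl, {token.user_sid}, wanted):
        return False
    if token.package_sid is None:
        return True
    # Pass 2 (AppContainer only): package or capability SIDs must also be granted.
    ac_sids = {token.package_sid, ALL_APPLICATION_PACKAGES}
    ac_sids |= {CAPABILITY_SIDS[c] for c in token.capabilities}
    return _granted(dacl, ac_sids, wanted)

USER = "S-1-5-21-1000-1000-1000-1001"             # constructed
PKG_A, PKG_B = "S-1-15-2-1111", "S-1-15-2-2222"   # constructed placeholders
app_a = Token(USER, PKG_A, frozenset({"picturesLibrary"}))
app_b = Token(USER, PKG_B)
app_a_data = [(USER, READ | WRITE), (PKG_A, READ | WRITE)]   # constructed DACL
pictures_obj = [(USER, READ | WRITE), (CAPABILITY_SIDS["picturesLibrary"], READ)]
```
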