GetAppContainerNamedObjectPath function

The GetAppContainerNamedObjectPath function retrieves the named object path for the app container. Each app container has its own named object path.

Syntax

BOOL GetAppContainerNamedObjectPath(
  HANDLE Token,
  PSID   AppContainerSid,
  ULONG  ObjectPathLength,
  LPWSTR ObjectPath,
  PULONG ReturnLength
);

Parameters

Token

A handle pertaining to the token. If NULL is passed in and no AppContainerSid parameter is passed in, the caller's current process token is used, or the thread token if impersonating.

AppContainerSid

The SID of the app container.

ObjectPathLength

The length of the buffer.

ObjectPath

Buffer that is filled with the named object path.

ReturnLength

Returns the length required to accommodate the length of the named object path.

Return Value

If the function succeeds, the function returns a value of TRUE.

If the function fails, it returns a value of FALSE. To get extended error information, call GetLastError.

Remarks

For assistive technology tools that work across Windows Store apps and desktop applications and have features that get loaded in the context of Windows Store apps, at times it may be necessary for the in-context feature to synchronize with the tool. Typically such synchronization is accomplished by establishing a named object in the user's session. Windows Store apps pose a challenge for this mechanism because, by default, named objects in the user's or global session are not accessible to Windows Store apps. We recommend that you update assistive technology tools to use UI Automation APIs or Magnification APIs to avoid such pitfalls. In the interim, it may be necessary to continue using named objects.

Examples

The following sample established a named object so that it is accessible from a Windows Store app.

C++
#pragma comment(lib, "advapi32.lib")
#include <windows.h>
#include <stdio.h>
#include <aclapi.h>
#include <tchar.h>

int main(void) { BOOL GetLogonSid (HANDLE hToken, PSID *ppsid) { BOOL bSuccess = FALSE; DWORD dwLength = 0; PTOKEN_GROUPS ptg = NULL;

// Verify the parameter passed in is not NULL.
if (NULL == ppsid)
    goto Cleanup;

// Get required buffer size and allocate the TOKEN_GROUPS buffer.

if (!GetTokenInformation(
        hToken,         // handle to the access token
        TokenLogonSid,    // get information about the token's groups 
        (LPVOID) ptg,   // pointer to TOKEN_GROUPS buffer
        0,              // size of buffer
        &amp;dwLength       // receives required buffer size
    )) 
{
    if (GetLastError() != ERROR_INSUFFICIENT_BUFFER) 
        goto Cleanup;

    ptg = (PTOKEN_GROUPS)HeapAlloc(GetProcessHeap(),
                                HEAP_ZERO_MEMORY, dwLength);

    if (ptg == NULL)
        goto Cleanup;
}

// Get the token group information from the access token.

if (!GetTokenInformation(
        hToken,         // handle to the access token
        TokenLogonSid,    // get information about the token's groups 
        (LPVOID) ptg,   // pointer to TOKEN_GROUPS buffer
        dwLength,       // size of buffer
        &amp;dwLength       // receives required buffer size
        ) || ptg-&gt;GroupCount != 1) 
{
    goto Cleanup;
}

// Found the logon SID; make a copy of it.

dwLength = GetLengthSid(ptg-&gt;Groups[0].Sid);
*ppsid = (PSID) HeapAlloc(GetProcessHeap(),
            HEAP_ZERO_MEMORY, dwLength);
if (*ppsid == NULL)
    goto Cleanup;
if (!CopySid(dwLength, *ppsid, ptg-&gt;Groups[0].Sid)) 
{
    HeapFree(GetProcessHeap(), 0, (LPVOID)*ppsid);
    goto Cleanup;
}

bSuccess = TRUE;

Cleanup:

// Free the buffer for the token groups.

if (ptg != NULL)
    HeapFree(GetProcessHeap(), 0, (LPVOID)ptg);

return bSuccess;

}

BOOL CreateObjectSecurityDescriptor(PSID pLogonSid, PSECURITY_DESCRIPTOR* ppSD) { BOOL bSuccess = FALSE; DWORD dwRes; PSID pAllAppsSID = NULL; PACL pACL = NULL; PSECURITY_DESCRIPTOR pSD = NULL; EXPLICIT_ACCESS ea[2]; SID_IDENTIFIER_AUTHORITY ApplicationAuthority = SECURITY_APP_PACKAGE_AUTHORITY;

// Create a well-known SID for the all appcontainers group.
if(!AllocateAndInitializeSid(&amp;ApplicationAuthority, 
        SECURITY_BUILTIN_APP_PACKAGE_RID_COUNT,
        SECURITY_APP_PACKAGE_BASE_RID,
        SECURITY_BUILTIN_PACKAGE_ANY_PACKAGE,
        0, 0, 0, 0, 0, 0,
        &amp;pAllAppsSID))
{
    wprintf(L"AllocateAndInitializeSid Error %u\n", GetLastError());
    goto Cleanup;
}

// Initialize an EXPLICIT_ACCESS structure for an ACE.
// The ACE will allow LogonSid generic all access
ZeroMemory(&amp;ea, 2 * sizeof(EXPLICIT_ACCESS));
ea[0].grfAccessPermissions = STANDARD_RIGHTS_ALL | MUTEX_ALL_ACCESS;
ea[0].grfAccessMode = SET_ACCESS;
ea[0].grfInheritance= NO_INHERITANCE;
ea[0].Trustee.TrusteeForm = TRUSTEE_IS_SID;
ea[0].Trustee.TrusteeType = TRUSTEE_IS_USER;
ea[0].Trustee.ptstrName  = (LPTSTR) pLogonSid;

// Initialize an EXPLICIT_ACCESS structure for an ACE.
// The ACE will allow the all appcontainers execute permission
ea[1].grfAccessPermissions = STANDARD_RIGHTS_READ | STANDARD_RIGHTS_EXECUTE | SYNCHRONIZE | MUTEX_MODIFY_STATE;
ea[1].grfAccessMode = SET_ACCESS;
ea[1].grfInheritance= NO_INHERITANCE;
ea[1].Trustee.TrusteeForm = TRUSTEE_IS_SID;
ea[1].Trustee.TrusteeType = TRUSTEE_IS_GROUP;
ea[1].Trustee.ptstrName  = (LPTSTR) pAllAppsSID;

// Create a new ACL that contains the new ACEs.
dwRes = SetEntriesInAcl(2, ea, NULL, &amp;pACL);
if (ERROR_SUCCESS != dwRes) 
{
    wprintf(L"SetEntriesInAcl Error %u\n", GetLastError());
    goto Cleanup;
}

// Initialize a security descriptor.  
pSD = (PSECURITY_DESCRIPTOR) LocalAlloc(LPTR, 
                         SECURITY_DESCRIPTOR_MIN_LENGTH); 
if (NULL == pSD) 
{ 
    wprintf(L"LocalAlloc Error %u\n", GetLastError());
    goto Cleanup; 
} 

if (!InitializeSecurityDescriptor(pSD,
        SECURITY_DESCRIPTOR_REVISION)) 
{  
    wprintf(L"InitializeSecurityDescriptor Error %u\n",
                            GetLastError());
    goto Cleanup; 
} 

// Add the ACL to the security descriptor. 
if (!SetSecurityDescriptorDacl(pSD, 
        TRUE,     // bDaclPresent flag   
        pACL, 
        FALSE))   // not a default DACL 
{  
    wprintf(L"SetSecurityDescriptorDacl Error %u\n",
            GetLastError());
    goto Cleanup; 
} 

*ppSD = pSD;
pSD = NULL;
bSuccess = TRUE;

Cleanup:

if (pAllAppsSID) 
    FreeSid(pAllAppsSID);
if (pACL) 
    LocalFree(pACL);
if (pSD) 
    LocalFree(pSD);

return bSuccess;

}

� PSID pLogonSid = NULL; PSECURITY_DESCRIPTOR pSd = NULL; SECURITY_ATTRIBUTES SecurityAttributes; HANDLE hToken = NULL; HANDLE hMutex = NULL;

� //Allowing LogonSid and all appcontainers. if (GetLogonSid(hToken, &pLogonSid) && CreateObjectSecurityDescriptor(pLogonSid, &pSd) ) { SecurityAttributes.nLength = sizeof(SECURITY_ATTRIBUTES); SecurityAttributes.bInheritHandle = TRUE; SecurityAttributes.lpSecurityDescriptor = pSd;

    hMutex = CreateMutex( 
                &amp;SecurityAttributes,         // default security descriptor
                FALSE,                       // mutex not owned
                TEXT("NameOfMutexObject"));  // object name
}

return 0;

}

Requirements

   
Windows version Windows 8 [desktop apps only] Windows Server 2012 [desktop apps only]
Target Platform Windows
Header securityappcontainer.h
Library Kernel32.lib
DLL Kernel32.dll