Open m417z opened 1 month ago
I looked at how Sysinternals DebugView does that. It does the following:
ConvertStringSecurityDescriptorToSecurityDescriptorA(
"D:(A;;GRGWGX;;;WD)(A;;GA;;;SY)(A;;GA;;;BA)(A;;GRGWGX;;;AN)(A;;GRGWGX;;;RC)(A;;GRGWGX;;;S-1-15-2-1)S:(ML;;NW;;;LW)",
SDDL_REVISION_1,
...
)
Since DebugView is the de facto standard tool for debug logging, you might want to align DebugView++ to use the exact same security descriptor.
Thank you!! That is very interesting. Is there any more you can tell me about what this does, and what it is doing? I am not familiar with this at all.
Here are a couple of references:
A process within an AppContainer runs with an Integrity Level of low, which effectively means it has no access to almost everything, as the default integrity level of objects (such as files) is Medium.
My change, and DebugView's method (S-1-15-2-1 representing "All Application Packages") set permissions such that the relevant objects are accessible to AppContainer processes.
I didn't do extensive testing, and I'm not sure about any possible regressions caused by switching from Option 2 to Option 1, but from a quick test, adding explicit permissions for "All Application Packages" and "All Restricted Application Packages" makes DebugView++ work with UWP apps.
Fixes #365.
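For readers who, like the maintainer, want to see what the SDDL string quoted above grants: the following is an added example, not code from this thread, DebugView or DebugView++. It decodes each ACE of that string offline; `parse_sddl` and `appcontainer_access` are hypothetical helper names, and the parser assumes two-letter rights codes and no owner/group part, which is all that string uses.

```python
import re

# SDDL string quoted in the thread above (DebugView's security descriptor).
DEBUGVIEW_SDDL = (
    "D:(A;;GRGWGX;;;WD)(A;;GA;;;SY)(A;;GA;;;BA)(A;;GRGWGX;;;AN)"
    "(A;;GRGWGX;;;RC)(A;;GRGWGX;;;S-1-15-2-1)S:(ML;;NW;;;LW)"
)
ACE_TYPES = {"A": "ACCESS_ALLOWED", "D": "ACCESS_DENIED", "ML": "MANDATORY_LABEL"}
RIGHTS = {"GA": "GENERIC_ALL", "GR": "GENERIC_READ", "GW": "GENERIC_WRITE",
          "GX": "GENERIC_EXECUTE", "NW": "NO_WRITE_UP", "NR": "NO_READ_UP",
          "NX": "NO_EXECUTE_UP"}
TRUSTEES = {
    "WD": "Everyone", "SY": "Local System", "BA": "Built-in Administrators",
    "AN": "Anonymous Logon", "RC": "Restricted Code", "LW": "Low Mandatory Level",
    "S-1-15-2-1": "All Application Packages",
    "S-1-15-2-2": "All Restricted Application Packages",
}


def parse_sddl(sddl):
    """Decode the DACL (D:) and SACL (S:) ACEs; raise ValueError on anything unknown."""
    aces = []
    for acl, body in re.findall(r"([DS]):((?:\([^)]*\))+)", sddl):
        for ace in re.findall(r"\(([^)]*)\)", body):
            fields = ace.split(";")
            if len(fields) != 6:
                raise ValueError(f"malformed ACE: ({ace})")
            # type;flags;rights;object_guid;inherit_object_guid;account_sid
            ace_type, _flags, rights, _obj, _inherit_obj, sid = fields
            codes = re.findall("..", rights)
            if ace_type not in ACE_TYPES or len(rights) % 2 or any(c not in RIGHTS for c in codes):
                raise ValueError(f"unsupported ACE: ({ace})")
            aces.append({"acl": acl + "ACL", "type": ACE_TYPES[ace_type],
                         "rights": [RIGHTS[c] for c in codes],
                         "sid": sid, "trustee": TRUSTEES.get(sid, sid)})
    return aces


def appcontainer_access(aces):
    """Rights the DACL allows to All Application Packages, and any integrity label."""
    granted = [r for a in aces if a["acl"] == "DACL" and a["type"] == "ACCESS_ALLOWED"
               and a["sid"] == "S-1-15-2-1" for r in a["rights"]]
    label = [a["trustee"] for a in aces if a["type"] == "MANDATORY_LABEL"]
    return granted, label


if __name__ == "__main__":
    for a in parse_sddl(DEBUGVIEW_SDDL):
        print(f'{a["acl"]}  {a["type"]:16} {a["trustee"]:26} {", ".join(a["rights"])}')
```

The last DACL entry is the "All Application Packages" grant discussed above, and the SACL entry labels the object as low integrity with a no-write-up policy, so a low-integrity process is not blocked from writing to it by the mandatory integrity check.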