Research: AppContainer stuff

[MaulingMonkey]

• [x] Low box token?
• [ ] Research: Capability SIDs / Temporary SIDs #9
• [ ] Less Privileged App Container (LPAC)
• Implementing an AppContainer
• AppContainer for Legacy Applications
• AppContainer Isolation

[MaulingMonkey]

• userenv.h
  • CreateAppContainerProfile
  • DeleteAppContainerProfile
  • DeriveAppContainerSidFromAppContainerName
  • DeriveRestrictedAppContainerSidFromAppContainerSidAndRestrictedName
  • GetAppContainerFolderPath
  • GetAppContainerRegistryLocation

[MaulingMonkey]

https://github.com/chromium/chromium/search?q=AppContainer&type=commits

[MaulingMonkey]

Chromium uses the entirely undocumented CreateAppContainerToken from kernelbase.dll to implement the creation of an app container environment. This function isn't even found within my windows SDK headers. This explains my difficulty in finding useful information on the actual creation of app containers on https://docs.microsoft.com/ .

https://github.com/chromium/chromium/blob/c3d9547eabf7cc756af8ebf3ab6e5bd64a7ce7af/sandbox/win/src/restricted_token_utils.cc#L296-L329

[MaulingMonkey]

NtCreateLowBoxToken is the lower level API that CreateAppContainerToken was written in terms of?

chromium/chromium: [Windows] Use CreateAppContainerToken over NtCreateLowBoxToken.

[MaulingMonkey]

• chromium/sandbox/win/src/
  • app_container.h
  • app_container_base.cc
  • app_container_base.h
  • app_container_test.cc
  • app_container_unittest.cc
  • restricted_token.cc
  • restricted_token.h
  • restricted_token_test.cc
  • restricted_token_unittest.cc
  • restricted_token_utils.cc
  • restricted_token_utils.h

[MaulingMonkey]

Understanding Network Access in Windows AppContainers is a great read