
I am trying to debug some code which uses NetworkIsolationEnumAppContainers(). The documentation of the function says,

"The NetworkIsolationEnumAppContainers function enumerates all of the app containers that have been created in the system."

What does "app container" in the above definition mean? I have some experience with Linux container technologies (LXC particularly). Are they the same (or conceptually similar)? Can you point me to a document which provides an in-depth technical description of app containers?

Sahil Singh
    It is a logical concept, represents the sandbox in which a UWP app runs. It primarily acts as a security boundary, ensuring the app cannot do anything that violates the capabilities requested in the manifest. Makes people feel good about downloading such an app from the Store. You can simply substitute it with "UWP process". – Hans Passant Jul 04 '17 at 11:05

1 Answer


AppContainers are a sandbox mechanism which controls which resources a UWP app can or cannot access. The UWP app has access to only a limited part of the file system, registry, etc. The app container also enforces some rules about network connectivity. For example, UWP apps cannot access localhost. The network capabilities are driven by the manifest of the UWP app, which must declare what it wants to do (client, client+server). Based on the declaration of the app, the server will allow the network or not.

You should be able to find more detailed information here:

Vincent
  • Does this mean that some UWP apps will be detected by NetworkIsolationEnumAppContainers() and some will not? I.e., although all UWP apps have an associated container, some may not have anything to do with the network, and therefore may not be detected by using this API. The issue I am trying to solve is that some UWP apps are not getting detected. – Sahil Singh Jul 06 '17 at 11:51
  • This is what I'm guessing. UWP apps without any network capability do not have any reason to be exposed to the network isolation layer (even if they are still within the app container). – Vincent Jul 11 '17 at 10:31
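The answer above says an app's network access is driven by the capabilities declared in its manifest. As an added example (not code from the original posts), this Python script reads the text of an AppxManifest.xml and separates the declared network capabilities from the rest, which is a quick way to see whether a package declares any network capability at all. The two manifests and their package names are constructed samples, and `network_profile` is a hypothetical helper name.

```python
import xml.etree.ElementTree as ET

# Network capability names defined by the UWP manifest schema.
NETWORK_CAPABILITIES = {
    "internetClient": "outbound Internet (client)",
    "internetClientServer": "inbound and outbound Internet (client+server)",
    "privateNetworkClientServer": "inbound and outbound on home/work networks",
}

def local_name(tag):
    """Strip the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def network_profile(manifest_xml):
    """Return the package name plus its network and non-network capabilities."""
    root = ET.fromstring(manifest_xml)
    name, caps = None, []
    for elem in root.iter():
        tag = local_name(elem.tag)
        if tag == "Identity":
            name = elem.get("Name")
        # Matches Capability, uap:Capability, DeviceCapability and similar.
        elif tag.endswith("Capability") and elem.get("Name"):
            caps.append(elem.get("Name"))
    return {
        "package": name,
        "network": [c for c in caps if c in NETWORK_CAPABILITIES],
        "other": [c for c in caps if c not in NETWORK_CAPABILITIES],
    }

NS = ('xmlns="http://schemas.microsoft.com/appx/manifest/foundation/windows10" '
      'xmlns:uap="http://schemas.microsoft.com/appx/manifest/uap/windows10"')

# Constructed sample: declares Internet client and private-network access.
CHAT_MANIFEST = f"""<Package {NS}>
  <Identity Name="Contoso.SampleChat" Publisher="CN=Contoso" Version="1.0.0.0"/>
  <Capabilities>
    <Capability Name="internetClient"/>
    <Capability Name="privateNetworkClientServer"/>
    <DeviceCapability Name="microphone"/>
  </Capabilities>
</Package>"""

# Constructed sample: no network capability declared.
NOTES_MANIFEST = f"""<Package {NS}>
  <Identity Name="Contoso.OfflineNotes" Publisher="CN=Contoso" Version="1.0.0.0"/>
  <Capabilities><uap:Capability Name="picturesLibrary"/></Capabilities>
</Package>"""

if __name__ == "__main__":
    for manifest in (CHAT_MANIFEST, NOTES_MANIFEST):
        p = network_profile(manifest)
        roles = [NETWORK_CAPABILITIES[c] for c in p["network"]] or ["none declared"]
        print(f'{p["package"]}: network = {"; ".join(roles)}; other = {p["other"]}')
```

To use it on a real package, pass the contents of the AppxManifest.xml from the package's install folder to `network_profile`.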