Pervasive Package Identifiers

摘要

A package identifier for a package from which an application is installed on a computing device is obtained. The package identifier is assigned to each of one or more processes created for running the application and, for each of the one or more processes, whether the process is permitted to access a resource of the computing device is determined based at least in part on the package identifier.

主权项

1. A system comprising:
one or more processors; and one or more computer-readable media having stored thereon computer-executable instructions that are executable by the one or more processors to perform operations including: obtaining, at a computing device for an application installed on the computing device from a package, a package identifier for the package, the package identifier including an identifier of an architecture of computing devices on which the application is designed to operate, the application having been installed only if a publisher of the package included in the package identifier was verified as being the same as the publisher included in a digital certificate associated with the package; maintaining the package identifier in a protected manner such that the package identifier is accessible to an operating system of the device but not accessible to other applications of the device; assigning the package identifier to each of one or more processes created for the application, wherein each process created for the application includes a process token generated by the operating system of the computing device, the process incapable of modifying the process token; and determining, based at least in part on the package identifier, for each of the one or more processes whether the process is permitted to access a resource of the computing device.