We're using a sandbox alike solution along with other Windows Security Features to protect app data, so each app will be limited to access data related to itself.
There're 3 kinds of priviledges we provide for the following path:
-
Writable: installed apps have write access to several per-app systems paths obtained by passing a
ConstantsSDKDataTypesConstants.*_TAG
value toStorage.GetLocalPath()
orStorage.GetLocalPathAsync()
(see example).You can also visit directories under your current user name, like
C:\\Users\\{user name}
(in C#, useEnvironment.UserName
), but we strongly recommend you only write to paths obtained fromGetLocalPath()
. -
Read-Only: the app's installation directory is read-only to the app; you CANNOT write to the directory where it is installed or run from. To get it:
// appid = the app id you get/created for your app, from Subor Team, or on the dev portal. var installPath = SDK.Storage.GetLocalPathAsync(ConstantsSDKDataTypesConstants.HDD0_DRIVER_TAG + appid, CancellationToken.None).Result; // read any content from installPath, but write to it is forbidden
-
Fully denied: access to any other app's install/writable/read-only paths or any system path will cause an Exception.
During app installation, we create a path in the Windows Registry which is only visible to the current app. It's safe to save data there and it can't be read/written by other apps:
// appid = the app id you get/created for your app, from Subor Team, or on the dev portal.
var exclusiveRegistryPath = @"SOFTWARE\Ruyi\Apps\" + appid;