1. 11/12/ :06 PM
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

2. 11/12/ :06 PM
P4086
Beyond App Containers: Gaining privileged access to hardware inside your Windows app using Custom Capabilities
Viraf Gandhi Ben McGregor
Sr. Program Manager Sr. Software Developer
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

3. Hardware apps landscape
IHV and OEM applications:
Mostly Win32
Provides user control of hardware functionality settings
Pre-installed or installed with a driver (specific to hardware) via WU or setup.exe from a Website
Problem:
Desktop only
Can not be serviced outside an “updater app”
Get easily out of sync with OS upgrades
Most require a co-installer

4. Multiple device families
Windows 10 for all PC
Xbox
Multiple device families
Mobile
HoloLens
Surface Hub
Devices +IoT
Adaptive user interface
Common APIs and SDK
Natural user inputs
Common store and dev center
Common toolset
One App Platform

5. What about WSDA?
Windows Store Device Apps are only available on desktop
Complex authoring experience
Device Metadata provisioning adds additional cloud dependency
No Scalable, secure access to NT Services

6. Introducing Custom Capability
Microsoft Build 2017
11/12/ :06 PM
Introducing Custom Capability
New in Windows 10 Creators Update!!!
Provide capability driven secure access to NT Services & Drivers for UWP App
App Capabilities gate access to certain APIs and resources
Custom Capability declared in APP Package Manifest
<Capabilities>
<uap4:CustomCapability   Name=”CompanyName.capabilityName_PublisherID” />
</Capabilities>
Capability Type
Intent
Examples
General-Use
Most common app scenarios
Music, Pictures, etc
Device
Access to peripherals & internal devices
Location, Proximity, etc
Restricted
Specific Microsoft approved scenarios
Enterprise Authentication, Document library access, etc
NEW: Custom Capability
Capability Owner can securely manage access to their hardware or service from UWP apps
Access to GPU from app
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

7. Custom Capability opens access to system software
Access to system software enabled by a custom capability defined by the driver package author
UWP app initiated communication with NT Service
Leverages familiar RPC Protocol
Driver access enabled using Windows.Devices.Custom
UWP App
Custom Capability
Windows.Devices.Custom
RPC
Apps
System Software
Custom Capability
Custom Capability
Driver
(User or Kernel Mode)
NT Service
New
IHV
IHV or OEM

8. Granting Custom Capability Access
Microsoft Build 2017
11/12/ :06 PM
Granting Custom Capability Access
Driver Access
Via INF
Within the Driver Code
NT Service RPC Endpoint
const WCHAR* CustomCapabilityName = L"microsoft.hsaTestCustomCapability_q536wpkpf5cy2";
...
DeriveCapabilitySidsFromName(...)
InitializeSecurityDescriptor(...)
status = RpcServerUseProtseqEp(
reinterpret_cast<RPC_WSTR>(protocolSequence),
RPC_C_PROTSEQ_MAX_REQS_DEFAULT,
reinterpret_cast<RPC_WSTR>(RPC_STATIC_ENDPOINT),
&rpcSecurityDescriptor);
status = RpcServerRegisterIf3(
RpcInterface_v1_0_s_ifspec,
nullptr,
RPC_IF_AUTOLISTEN | RPC_IF_ALLOW_LOCAL_ONLY,
RPC_C_LISTEN_MAX_CALLS_DEFAULT, 0,
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

9. Can any UWP app declare a Custom Capability?
Microsoft Build 2017
11/12/ :06 PM
Can any UWP app declare a Custom Capability?
NO!! Only authorized apps can declare them
Authorization is granted by including a Signed Custom Capability Descriptor (SCCD) in the APPX
<?xml version="1.0" encoding="utf-8"?>
<CustomCapabilityDescriptor xmlns=" xmlns:s="
<CustomCapabilities>
<CustomCapability Name="microsoft.hsaTestCustomCapability_q536wpkpf5cy2"></CustomCapability>
</CustomCapabilities>
<AuthorizedEntities>
<AuthorizedEntity
AppPackageFamilyName="MicrosoftHSATest.Microsoft.SDKSamples.Hsa.CPP_q536wpkpf5cy2“
CertificateSignatureHash="ca9fc964db7e0c f e7a8cfde0f3eaa d4764e86c4">
</AuthorizedEntity>
</AuthorizedEntities>
<Catalog>FFFF</Catalog>
</CustomCapabilityDescriptor>
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

10. Trust Model – Developer Workflow
Code Signing Root Certificate
HW dev lists app dev as an authorized user of a custom capability
App dev requests a Signed Custom Capability Definition file (SCCD) for the capability, providing a root certificate as input
App dev packages SCCD with app
At install time, OS validates the content of the SCCD
UWP App granted access to capability if app is authorized by the SCCD
If app is not authorized, it will not be installed
Custom Capability Manager
Dev Center
Appx
Target Client
SCCD
UWP App
OS Code
Windows OS
UWP App
ISV Container
IHV Container
Driver
(User or Kernel Mode)
NT Service

11. Microsoft Build 2017
11/12/ :06 PM
Demo
Enabling privileged access to hardware inside your Windows app using Custom Capabilities
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

12. Microsoft Build 2017
11/12/ :06 PM
Recap
Custom Capabilities enable privileged access to hardware from UWP app
Coming Soon: App targeting without needing device metadata & improved app acquisition experience
UWP app sample:
Driver sample:
Getting started guide:
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

13. 11/12/ :06 PM
© Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.