diff --git a/specification/registry/xr.xml b/specification/registry/xr.xml index 90cd311..723d6f5 100644 --- a/specification/registry/xr.xml +++ b/specification/registry/xr.xml @@ -27,6 +27,7 @@ maintained in the default branch of the Khronos OpenXR GitHub project. + diff --git a/specification/sources/chapters/extensions/ext/ext_win32_appcontainer_compatible.adoc b/specification/sources/chapters/extensions/ext/ext_win32_appcontainer_compatible.adoc index 422d54e..80c7664 100644 --- a/specification/sources/chapters/extensions/ext/ext_win32_appcontainer_compatible.adoc +++ b/specification/sources/chapters/extensions/ext/ext_win32_appcontainer_compatible.adoc @@ -4,6 +4,9 @@ include::../meta/XR_EXT_win32_appcontainer_compatible.adoc[] +:url-appcontainer-isolation: https://docs.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation +:url-appcontainer-impl: https://docs.microsoft.com/en-us/windows/win32/secauthz/implementing-an-appcontainer + *Last Modified Date*:: 2019-12-16 *IP Status*:: @@ -18,13 +21,11 @@ include::../meta/XR_EXT_win32_appcontainer_compatible.adoc[] *Overview* To minimize opportunities for malicious manipulation, a common practice on -the Windows OS is to isolate the application process in an [AppContainer -execution environment] -(https://docs.microsoft.com/en-us/windows/win32/secauthz/appcontainer-isolation). +the Windows OS is to isolate the application process in an {url-appcontainer-isolation}[AppContainer +execution environment]. In order for a runtime to work properly in such an application process, the -runtime must: properly [set ACL to device resources and cross process -resources] -(https://docs.microsoft.com/en-us/windows/win32/secauthz/implementing-an-appcontainer). +runtime must: properly {url-appcontainer-impl}[set ACL to device resources and cross process +resources]. An application running in an AppContainer process can: request for a runtime to enable such AppContainer compatibility by adding