https://paper.bobylive.com/Meeting_Papers/BlackHat/Europe-2018/eu-18-Ding-Cutting-Edge-Microsoft-Browser-Security-From-People-Who-Owned-It-wp.pdf

WinRT

The Windows Runtime is essentially an enhanced version of COM rather than a true runtime. It sits on top of the subsystem DLLs (kernel32.dll, ntdll.dll, etc.).

UWP platform

AppContainer

Capabilities are declared in AppxManifest.xml.

The AppContainer's LowBox token is used for access checking.

All UWP apps run at low integrity level

Child AppContainer.

Its SID carries four more RIDs than the parent's, which uniquely identifies it.
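The SID layout behind these points can be checked mechanically. The following is an added example, not code from the paper or from Microsoft: it parses SDDL SID strings, distinguishes a parent AppContainer package SID (S-1-15-2 followed by 7 RIDs) from a child one (the parent's RIDs plus 4 more), maps the well-known capability SIDs (S-1-15-3-n) back to the names used in AppxManifest.xml, and reads the integrity label so that a LowBox token can be confirmed as Low. The RID counts and capability numbers come from winnt.h; the package SID values and the token group list are constructed samples, not real ones.

```python
import re

# Constants from winnt.h.
APP_PACKAGE_AUTHORITY = 15      # SECURITY_APP_PACKAGE_AUTHORITY -> S-1-15-...
APP_PACKAGE_BASE_RID = 2        # SECURITY_APP_PACKAGE_BASE_RID  -> S-1-15-2-...
CAPABILITY_BASE_RID = 3         # SECURITY_CAPABILITY_BASE_RID   -> S-1-15-3-...
APP_PACKAGE_RID_COUNT = 8       # SECURITY_APP_PACKAGE_RID_COUNT   (2 + 7 RIDs)
CHILD_PACKAGE_RID_COUNT = 12    # SECURITY_CHILD_PACKAGE_RID_COUNT (parent + 4 RIDs)
MANDATORY_LABEL_AUTHORITY = 16  # SECURITY_MANDATORY_LABEL_AUTHORITY -> S-1-16-<level>
INTEGRITY_LEVELS = {0: "Untrusted", 4096: "Low", 8192: "Medium",
                    12288: "High", 16384: "System"}

# Well-known capability RIDs (winnt.h SECURITY_CAPABILITY_*), keyed to the
# <Capability Name="..."/> spellings used in AppxManifest.xml.
WELL_KNOWN_CAPABILITIES = {
    1: "internetClient", 2: "internetClientServer",
    3: "privateNetworkClientServer", 4: "picturesLibrary",
    5: "videosLibrary", 6: "musicLibrary", 7: "documentsLibrary",
    8: "enterpriseAuthentication", 9: "sharedUserCertificates",
    10: "removableStorage", 11: "appointments", 12: "contacts",
}

_SID_RE = re.compile(r"^S-1-\d+(?:-\d+)+$")


def parse_sid(sid):
    """Return (identifier_authority, [sub_authorities]) for an SDDL SID string."""
    if not _SID_RE.match(sid):
        raise ValueError(f"not an SDDL SID: {sid!r}")
    fields = sid.split("-")
    return int(fields[2]), [int(f) for f in fields[3:]]


def classify_sid(sid):
    """Classify a SID as AppContainer package / child package / capability / other."""
    auth, subs = parse_sid(sid)
    if auth != APP_PACKAGE_AUTHORITY:
        return "other"
    if subs[0] == APP_PACKAGE_BASE_RID:
        if len(subs) == APP_PACKAGE_RID_COUNT:
            return "package"
        if len(subs) == CHILD_PACKAGE_RID_COUNT:
            return "child-package"
        return "malformed-package"
    if subs[0] == CAPABILITY_BASE_RID:
        if len(subs) == 2:  # built-in capability: S-1-15-3-<n>
            return "capability:" + WELL_KNOWN_CAPABILITIES.get(subs[1], f"rid-{subs[1]}")
        return "capability:named"  # hash-derived (e.g. S-1-15-3-1024-...) capability
    return "other"


def is_child_of(child_sid, parent_sid):
    """A child AppContainer SID is the parent's SID with exactly 4 extra RIDs."""
    _, child_subs = parse_sid(child_sid)
    _, parent_subs = parse_sid(parent_sid)
    return (classify_sid(parent_sid) == "package"
            and classify_sid(child_sid) == "child-package"
            and child_subs[:APP_PACKAGE_RID_COUNT] == parent_subs)


def integrity_level(sid):
    """Name of the integrity label SID (S-1-16-<level>), or None if not one."""
    auth, subs = parse_sid(sid)
    if auth != MANDATORY_LABEL_AUTHORITY or len(subs) != 1:
        return None
    return INTEGRITY_LEVELS.get(subs[0], f"level-{subs[0]}")


def summarize_lowbox_token(groups):
    """Pull the package SID, capability names and integrity level out of a token's groups."""
    summary = {"package": None, "capabilities": [], "integrity": None}
    for sid in groups:
        kind = classify_sid(sid)
        if kind in ("package", "child-package"):
            summary["package"] = (kind, sid)
        elif kind.startswith("capability:"):
            summary["capabilities"].append(kind.split(":", 1)[1])
        elif integrity_level(sid):
            summary["integrity"] = integrity_level(sid)
    return summary


# Constructed sample data (not real package SIDs; real ones are hash-derived
# from the package family name). Models the groups of a child AppContainer's
# LowBox token with two manifest capabilities and one named capability.
SAMPLE_PARENT = "S-1-15-2-100-200-300-400-500-600-700"
SAMPLE_CHILD = SAMPLE_PARENT + "-11-12-13-14"
SAMPLE_TOKEN_GROUPS = [
    "S-1-5-21-1111-2222-3333-1001",    # the user's account SID (constructed)
    SAMPLE_CHILD,
    "S-1-15-3-1",                      # internetClient
    "S-1-15-3-4",                      # picturesLibrary
    "S-1-15-3-1024-1-2-3-4-5-6-7-8",   # hash-derived named capability (constructed)
    "S-1-16-4096",                     # Low integrity label
]

if __name__ == "__main__":
    print(summarize_lowbox_token(SAMPLE_TOKEN_GROUPS))
    print("child of parent:", is_child_of(SAMPLE_CHILD, SAMPLE_PARENT))
```

On a real system the group list would come from the process token (for instance via `whoami /groups` inside the app, or a token-inspection tool); the checks above then tell you which package or child package the token belongs to, which manifest capabilities it was granted, and whether it is indeed at Low integrity.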

The Brokers.

Reached through the WinRT API. UWP apps sometimes need to perform resource operations that require permissions higher than the AppContainer has, such as reading/writing files or accessing the clipboard, so those operations are delegated to brokers that hold the necessary permissions.
