Share via

Register the device interface as restricted to privileged apps

  • Article

Applications are denied access to custom driver functionality, unless they're granted permissions through signed device metadata. This topic shows how to add the Restricted property that indicates that only privileged apps can access a device interface class. Custom device drivers must have this property.

Instructions

Setting the Restricted property in an information (INF) file

In the InterfaceInstall32 section, the GUID of the device interface class is registered.

The lines under the AddProperty directive set the device class properties. The second line sets a custom property in a custom property category. The property-category GUID is 14c83a99-0b3f-44b7-be4c-a178d3990564, and the property identifier is 2. The optional Flags entry value is not present, and the type is 17 (DEVPROP_TYPE_BOOLEAN). The value of the property is 1.

; Below, {11111111-0000-1111-0000-111111111111} is the GUID of the 
; new device interface class in an AddInterface directive



; -- Interface installation
[InterfaceInstall32]
{11111111-0000-1111-0000-111111111111}=NewInterfaceInstall

[NewInterfaceInstall]
AddProperty=PrivilegedProperties

[PrivilegedProperties]
; DEVPKey_DeviceInterfaceClass_Restricted
{14c83a99-0b3f-44b7-be4c-a178d3990564}, 2, 17,,1 ; -- non-zero indicates privileged

Remarks

Instead of the AddInterface directive, the driver can also call the IoRegisterDeviceInterface routine to register the device interface class.

You can also set the restricted interface property by calling the IoSetDeviceInterfacePropertyData routine.

Samples

Custom Driver Access Sample

White papers

Windows Store device app Design Guide for Specialized Devices

Other resources

Device Experience for Specialized Devices

Device Experience for Windows 8