Virtual environment type validation for policy enforcement
US-11966461-B2 · Apr 23, 2024 · US
US12462015B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12462015-B2 |
| Application number | US-202418603700-A |
| Country | US |
| Kind code | B2 |
| Filing date | Mar 13, 2024 |
| Priority date | Nov 1, 2019 |
| Publication date | Nov 4, 2025 |
| Grant date | Nov 4, 2025 |
Official abstract text for this publication.
Environment type validation can provide a tamper-resistant validation of the computing environment within which the environment type validation is being performed. Such information can then be utilized to perform policy management, which can include omitting verifications in order to facilitate the sharing of policy, such as application licenses, from a host computing environment into a container virtual computing environment. The environment type validation can perform multiple checks, including verification of the encryption infrastructure of the computing environment, verification of code integrity mechanisms of that computing environment, checks for the presence of functionality evidencing a hypervisor, checks for the presence or absence of predetermined system drivers, or other like operating system components or functionality, checks for the activation or deactivation of resource management stacks, and checks for the presence or absence of predetermined values in firmware.
Opening claim text (preview).
We claim:

1. A system comprising a processing unit; and memory comprising computer executable instructions that, when executed, perform operations comprising: receiving, at a first environment, application policy data associated with an application, wherein the application policy data is received from a second environment via a secure communication channel between the first environment and the second environment, the secure communication channel being created using asymmetric security keys; determining whether the application is permitted to execute in the first environment by performing environment type validation for the first environment; and in response to determining, based on the environment type validation, that the application is permitted to execute in the first environment, enabling execution of the application in the first environment.
2. The system of claim 1, the operations further comprising: prior to receiving the application policy data, creating the secure communication channel between the first environment and the second environment, wherein the first environment is a virtual environment that is hosted by the second environment.
3. The system of claim 1, wherein the first environment is a container instance that is provisioned using the asymmetric security keys.
4. The system of claim 1, wherein performing the environment type validation comprises at least one of: determining whether an encryption infrastructure of the first environment is verified; determining whether a code integrity of the first environment is verified; or determining whether a hypervisor associated with the first environment is present.
5. The system of claim 1, wherein performing the environment type validation comprises at least one of: determining whether specific resources of the first environment are available; determining whether specific system drivers are present within the first environment; or determining whether specific firmware variables have been added to the first environment.
6. The system of claim 1, the operations further comprising: determining whether there is an execution limitation of the application within the first environment by referencing the application policy data.
7. The system of claim 6, wherein referencing the application policy data comprises deactivating a security check for the first environment.
8. The system of claim 7, wherein the security check for the first environment corresponds to a limitation based on user identification or machine identification.
9. The system of claim 1, the operations further comprising: generating a hash of the application policy data; and comparing the hash to known good policy hashes.
10. The system of claim 1, wherein enabling execution of the application in the first environment comprises enabling limited execution of the application.
11. The system of claim 1, wherein enabling execution of the application in the first environment comprises enabling full functionality of the application.
12. The system of claim 1, wherein: the asymmetric security keys are established by the second environment; and the first environment receives a public portion of the asymmetric security keys from the second environment upon launch of the first environment.
13. A method comprising receiving, at a first environment, application policy data associated with an application, wherein the application policy data is received from a second environment via a secure communication channel between the first environment and the second environment, the secure communication channel being created using asymmetric security keys; the application being valid for the first environment until a current user session for the application is terminated; determining whether the application is permitted to execute in the first environment by performing environment type validation for the first environment; and in response to determining, based on the environment type validation, that the application is permitted to execute in the first environment, enabling execution of the application in the first environment.
14. The method of claim 13, wherein a secure communication mechanism of the first environment uses seed data provided by the second environment to derive at least one cryptographic key used to establish the secure communication channel.
15. The method of claim 13, wherein a user manually enters cryptographic information into a first secure communication mechanism of the first environment and a second secure communication mechanism of the second environment to establish the secure communication channel.
16. The method of claim 13, wherein the application policy data is an allowlist or a blocklist of an entity that manages the second environment.
17. The method of claim 13, wherein the application policy data corresponds to a transaction policy file that enables certain forms of transactions to be performed by the application.
18. The method of claim 13, wherein: the first environment is a virtual machine or a container computing environment; and the second environment is a host operating system that hosts the first environment.
19. The method of claim 13, wherein the environment type validation comprises determining whether the first environment includes a certificate issued by an expected root of trust.
20. A device comprising a processing unit; and memory comprising computer executable instructions that, when executed, perform operations comprising: creating a secure communication channel between a first environment and a second environment; receiving, at the first environment, an application license for an application, wherein the application license is received from the second environment via the secure communication channel, the secure communication channel being created using asymmetric security keys; and is valid for the first environment for a predetermined length of time; determining whether the application is permitted to execute in the first environment by performing environment type validation for the first environment; and in response to determining, based on the environment type validation, that the application is permitted to execute in the first environment, enabling execution of the application in the first environment.
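The following is an added illustrative model of the claimed policy flow, not code from the patent or its assignee: the host (second environment) authenticates policy data to a container (first environment), which checks the policy hash against known good hashes (claim 9), the validity window (claim 20) and the environment type checks of claims 4 and 19 before enabling full or limited execution (claims 10 and 11). It assumes the seed-derived key variant of claim 14 in place of asymmetric keys so that it runs on the standard library alone; the policy format, the probe fields and the rule that every check must pass are constructed assumptions.

```python
import hashlib
import hmac
import json
import time
from dataclasses import dataclass

# Constructed sample policies; the container trusts only their hashes (claim 9 style check).
SAMPLE_POLICIES = [
    {"app": "example-app", "limitation": "full", "valid_seconds": 3600},
    {"app": "example-app", "limitation": "limited", "valid_seconds": 60},
]
KNOWN_GOOD_POLICY_HASHES = {
    hashlib.sha256(json.dumps(p, sort_keys=True).encode()).hexdigest() for p in SAMPLE_POLICIES
}

def derive_channel_key(seed: bytes, context: bytes = b"policy-channel") -> bytes:
    """Both environments derive the same channel key from host-provided seed data (claim 14)."""
    return hmac.new(seed, context, hashlib.sha256).digest()

def host_send_policy(seed: bytes, policy: dict) -> dict:
    """Second environment: serialise the policy and attach an authentication tag under the channel key."""
    body = json.dumps(policy, sort_keys=True).encode()
    tag = hmac.new(derive_channel_key(seed), body, hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag, "issued_at": time.time()}

@dataclass
class EnvironmentProbe:
    # Hypothetical probe results standing in for the checks named in claims 4 and 19.
    encryption_infrastructure_verified: bool
    code_integrity_verified: bool
    hypervisor_present: bool
    root_of_trust_certificate_present: bool

def environment_type_validation(probe: EnvironmentProbe) -> bool:
    """Assumed rule: every probed check must pass before host policy is honoured."""
    return all((probe.encryption_infrastructure_verified, probe.code_integrity_verified,
                probe.hypervisor_present, probe.root_of_trust_certificate_present))

def container_receive_policy(seed: bytes, message: dict, probe: EnvironmentProbe, now: float) -> str:
    """First environment: returns 'denied', 'limited' or 'full' for the application."""
    expected = hmac.new(derive_channel_key(seed), message["body"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, message["tag"]):
        return "denied"  # policy did not arrive intact over the secure channel
    if hashlib.sha256(message["body"]).hexdigest() not in KNOWN_GOOD_POLICY_HASHES:
        return "denied"  # hash does not match a known good policy hash
    policy = json.loads(message["body"])
    if now - message["issued_at"] > policy["valid_seconds"]:
        return "denied"  # policy is valid only for a predetermined length of time
    if not environment_type_validation(probe):
        return "denied"  # environment type validation failed
    return "full" if policy["limitation"] == "full" else "limited"
```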
Trusted platform modules [TPM] · CPC title
involving certificates, e.g. public key certificate [PKC] or attribute certificate [AC]; Public key infrastructure [PKI] arrangements (network architectures or network communication protocols for supporting authentication of entities using certificates in a packet data network H04L63/0823) · CPC title
using cryptographic hash functions · CPC title
Distribution of virtual machine instances; Migration and load balancing · CPC title
Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities · CPC title