DavidXanatos 2023-07-12 21:54:09 +02:00
parent 4e7972e074
commit 008c4c536e
5 changed files with 11 additions and 14 deletions


@ -30,6 +30,7 @@
#include "session.h"
#include "common/my_version.h"
#include "log_buff.h"
#include "verify.h"
//---------------------------------------------------------------------------
@ -1325,7 +1326,7 @@ _FX NTSTATUS Api_QueryDriverInfo(PROCESS* proc, ULONG64* parms)
FeatureFlags |= SBIE_FEATURE_FLAG_WIN32K_HOOK;
#endif
if (Driver_Certified) {
if (CERT_IS_LEVEL(Verify_CertInfo, eCertStandard)) {
FeatureFlags |= SBIE_FEATURE_FLAG_CERTIFIED;
@ -1342,14 +1343,13 @@ _FX NTSTATUS Api_QueryDriverInfo(PROCESS* proc, ULONG64* parms)
}
else if (args->info_class.val == -1) {
extern ULONGLONG Verify_CertInfo;
if (args->info_len.val >= sizeof(ULONGLONG)) {
ULONGLONG* data = args->info_data.val;
*data = Verify_CertInfo;
*data = Verify_CertInfo.State;
}
else if (args->info_len.val == sizeof(ULONG)) {
ULONG* data = args->info_data.val;
*data = (ULONG)(Verify_CertInfo & 0xFFFFFFFF); // drop optional data
*data = (ULONG)(Verify_CertInfo.State & 0xFFFFFFFF); // drop optional data
}
else
status = STATUS_BUFFER_TOO_SMALL;
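Review bot: In the `info_class.val == -1` branch, both stores go through `args->info_data.val` after only `info_len` has been checked; no `ProbeForWrite` or `__try` appears in the visible lines. Api_QueryDriverInfo begins and ends outside this hunk, so the validation may exist elsewhere in the function. If `info_data` carries a caller-supplied address and is not probed there, add `ProbeForWrite(data, sizeof(ULONGLONG), sizeof(ULONG));` before `*data = Verify_CertInfo.State;` and the matching `sizeof(ULONG)` probe in the 32-bit path. A short comment on the branch saying which callers may read the raw certificate state word would also help the next reviewer.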


@ -38,6 +38,7 @@
#include "thread.h"
#include "wfp.h"
#include "common/my_version.h"
#include "verify.h"
//---------------------------------------------------------------------------
@ -755,7 +756,7 @@ _FX PROCESS *Process_Create(
// check certificate
//
if (!Driver_Certified && !proc->image_sbie) {
if (!CERT_IS_LEVEL(Verify_CertInfo, eCertStandard) && !proc->image_sbie) {
const WCHAR* exclusive_setting = NULL;
if (proc->use_security_mode)
@ -1209,7 +1210,7 @@ _FX BOOLEAN Process_NotifyProcess_Create(
BOX* breakout_box = NULL;
if (box && Process_IsBreakoutProcess(box, ImagePath)) {
if(!Driver_Certified)
if(!CERT_IS_LEVEL(Verify_CertInfo, eCertStandard))
Log_Msg_Process(MSG_6004, box->name, L"BreakoutProcess", box->session_id, CallerId);
else {
UNICODE_STRING image_uni;


@ -377,16 +377,12 @@ _FX BOOLEAN MyIsCallerSigned(void)
// MyValidateCertificate
//---------------------------------------------------------------------------
BOOLEAN Driver_Certified = FALSE;
NTSTATUS KphValidateCertificate();
_FX NTSTATUS MyValidateCertificate(void)
{
NTSTATUS status = KphValidateCertificate();
Driver_Certified = NT_SUCCESS(status);
if (status == STATUS_ACCOUNT_EXPIRED)
status = STATUS_SUCCESS;
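Review bot: With `Driver_Certified = NT_SUCCESS(status);` removed, MyValidateCertificate no longer records a failed validation itself, so every gate relies on KphValidateCertificate leaving `Verify_CertInfo.active` cleared on each failure path, which this hunk does not show. The STATUS_ACCOUNT_EXPIRED case needs the most care: it is mapped to STATUS_SUCCESS just below, while the old flag stayed FALSE for it. I would state the contract in a comment above the call, for example `// KphValidateCertificate fills Verify_CertInfo; active must be 0 on any failure, including expiry`, and confirm it in KphValidateCertificate. The function body continues outside the hunk.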


@ -124,6 +124,4 @@ ULONG Util_CaptureStack(_Out_ PVOID* Frames, _In_ ULONG Count);
//---------------------------------------------------------------------------
extern BOOLEAN Driver_Certified;
#endif // _MY_UTIL_H


@ -74,8 +74,6 @@ enum ECertType {
eCertEvaluation = 0b11100
};
#define CERT_IS_TYPE(cert,t) ((cert.type & 0b11100) == t)
enum ECertLevel {
eCertNoLevel = 0b000,
@ -84,5 +82,9 @@ enum ECertLevel {
eCertMaxLevel = 0b111,
};
#define CERT_IS_TYPE(cert,t) ((cert.type & 0b11100) == t)
#define CERT_IS_SUBSCRIPTION(cert) (CERT_IS_TYPE(cert, eCertBusiness) || CERT_IS_TYPE(cert, eCertSubscription) || cert.type == eCertEntryPatreon || CERT_IS_TYPE(cert, eCertEvaluation))
#define CERT_IS_INSIDER(cert) (CERT_IS_TYPE(cert, eCertEternal) || cert.type == eCertGreatPatreon)
#define CERT_IS_LEVEL(cert,l) (Verify_CertInfo.active && cert.level >= l)
extern SCertInfo Verify_CertInfo;
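Review bot: `CERT_IS_LEVEL(cert,l)` tests `Verify_CertInfo.active` rather than the `cert` it is given, so a call with any other SCertInfo would combine the global's active bit with a different object's level. Every call site in this commit passes Verify_CertInfo, so nothing misbehaves today, but a macro that decides a licence gate should read a single object and parenthesise its arguments: `#define CERT_IS_LEVEL(cert,l) ((cert).active && (cert).level >= (l))`. A one-line comment above it saying that an inactive certificate fails every level check would document the intent.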