mirrors/Sandboxie
mirrors
/
Sandboxie
mirror of https://github.com/sandboxie-plus/Sandboxie.git
1
0
Fork 0
Code Releases Activity

1.14.2

This commit is contained in:
DavidXanatos 2024-06-17 13:23:57 +02:00
parent 6266f18ebe
commit 1badefbef1
12 changed files with 288 additions and 298 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGELOG.md
View File

@ -18,6 +18,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
- Add new option "AllowCoverTaskbar" for [#3975](https://github.com/sandboxie-plus/Sandboxie/issues/3975)
- added RPC Port message filter mechanism to block unsafe RDP calls via the driver [#3930](https://github.com/sandboxie-plus/Sandboxie/issues/3930)
- Usage: "RpcPortFilter=Port,ID,Label" label is optional
- added "Job Object" Options page to colelct all job object related options
### Changed
- Extend "Temp Template" to make it could delete local template section.
@ -36,6 +37,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
## [1.14.1 / 5.69.1] - 2024-06-06
### Added

374
SandboxiePlus/SandMan/Forms/OptionsWindow.ui
View File

@ -1572,49 +1572,31 @@
</item>
</layout>
</widget>
<widget class="QWidget" name="tabPrivileges">
<property name="font">
<font>
<weight>50</weight>
<bold>false</bold>
<kerning>true</kerning>
</font>
</property>
<widget class="QWidget" name="tabJob">
<attribute name="title">
<string>Advanced Security</string>
<string>Job Object</string>
</attribute>
<layout class="QGridLayout" name="gridLayout_26">
<item row="0" column="1">
<layout class="QGridLayout" name="gridLayout_2">
<item row="10" column="2" colspan="2">
<widget class="QLabel" name="label_74">
<layout class="QGridLayout" name="gridLayout_51">
<item row="0" column="0">
<layout class="QGridLayout" name="gridLayout_50">
<item row="6" column="1" colspan="2">
<widget class="QLabel" name="label_86">
<property name="text">
<string>Using a custom Sandboxie Token allows to isolate individual sandboxes from each other better, and it shows in the user column of task managers the name of the box a process belongs to. Some 3rd party security solutions may however have problems with custom tokens.</string>
</property>
<property name="wordWrap">
<bool>true</bool>
<string>Total Processes Number Limit:</string>
</property>
</widget>
</item>
<item row="2" column="1" colspan="3">
<widget class="QCheckBox" name="chkRestrictServices">
<item row="1" column="1" colspan="4">
<widget class="QCheckBox" name="chkAddToJob">
<property name="text">
<string>Do not start sandboxed services using a system token (recommended)</string>
<string>Add sandboxed processes to job objects (recommended)</string>
</property>
</widget>
</item>
<item row="1" column="1" colspan="3">
<widget class="QCheckBox" name="chkProtectSCM">
<property name="text">
<string>Allow only privileged processes to access the Service Control Manager</string>
</property>
</widget>
</item>
<item row="6" column="0">
<widget class="QLabel" name="lblFence">
<item row="0" column="0">
<widget class="QLabel" name="lblJob">
<property name="font">
<font>
<weight>75</weight>
<bold>true</bold>
<kerning>true</kerning>
</font>
@ -1627,31 +1609,134 @@
</property>
</widget>
</item>
<item row="9" column="1" colspan="4">
<widget class="QCheckBox" name="chkSbieLogon">
<item row="5" column="1" colspan="2">
<widget class="QLabel" name="label_56">
<property name="text">
<string>Use a Sandboxie login instead of an anonymous token</string>
<string>Total Processes Memory Limit:</string>
</property>
</widget>
</item>
<item row="0" column="0">
<widget class="QLabel" name="lblPrivilege">
<item row="4" column="1" colspan="2">
<widget class="QLabel" name="label_53">
<property name="text">
<string>Single Process Memory Limit:</string>
</property>
</widget>
</item>
<item row="4" column="3">
<widget class="QLineEdit" name="lineSingleMemory">
<property name="placeholderText">
<string>Leave it blank to disable the setting(Unit:KB)</string>
</property>
</widget>
</item>
<item row="5" column="3">
<widget class="QLineEdit" name="lineTotalMemory">
<property name="placeholderText">
<string>Leave it blank to disable the setting(Unit:KB)</string>
</property>
</widget>
</item>
<item row="6" column="3">
<widget class="QLineEdit" name="lineTotalNumber">
<property name="placeholderText">
<string>Leave it blank to disable the setting</string>
</property>
</widget>
</item>
<item row="2" column="2" colspan="3">
<widget class="QCheckBox" name="chkNestedJobs">
<property name="text">
<string>Allow use of nested job objects (works on Windows 8 and later)</string>
</property>
</widget>
</item>
<item row="7" column="4">
<spacer name="horizontalSpacer_23">
<property name="orientation">
<enum>Qt::Horizontal</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>40</width>
<height>20</height>
</size>
</property>
</spacer>
</item>
<item row="7" column="0">
<spacer name="verticalSpacer_45">
<property name="orientation">
<enum>Qt::Vertical</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>20</width>
<height>40</height>
</size>
</property>
</spacer>
</item>
<item row="2" column="1">
<widget class="QLabel" name="label_63">
<property name="sizePolicy">
<sizepolicy hsizetype="Fixed" vsizetype="Fixed">
<horstretch>0</horstretch>
<verstretch>0</verstretch>
</sizepolicy>
</property>
<property name="minimumSize">
<size>
<width>16</width>
<height>0</height>
</size>
</property>
<property name="text">
<string/>
</property>
</widget>
</item>
<item row="3" column="0" colspan="2">
<widget class="QLabel" name="lblLimit">
<property name="font">
<font>
<weight>75</weight>
<bold>true</bold>
<kerning>true</kerning>
</font>
</property>
<property name="toolTip">
<string>Protect the sandbox integrity itself</string>
<string>Protect the system from sandboxed processes</string>
</property>
<property name="text">
<string>Privilege isolation</string>
<string>Limit restrictions</string>
</property>
</widget>
</item>
<item row="11" column="2">
</layout>
</item>
</layout>
</widget>
<widget class="QWidget" name="tabPrivileges">
<property name="font">
<font>
<bold>false</bold>
<kerning>true</kerning>
</font>
</property>
<attribute name="title">
<string>Advanced Security</string>
</attribute>
<layout class="QGridLayout" name="gridLayout_26">
<item row="0" column="1">
<layout class="QGridLayout" name="gridLayout_2">
<item row="5" column="1" colspan="3">
<widget class="QCheckBox" name="chkDropPrivileges">
<property name="text">
<string>Drop critical privileges from processes running with a SYSTEM token</string>
</property>
</widget>
</item>
<item row="9" column="2">
<spacer name="horizontalSpacer_13">
<property name="orientation">
<enum>Qt::Horizontal</enum>
@ -1664,10 +1749,20 @@
</property>
</spacer>
</item>
<item row="7" column="1" colspan="2">
<widget class="QCheckBox" name="chkAddToJob">
<item row="1" column="1" colspan="3">
<widget class="QCheckBox" name="chkProtectSCM">
<property name="text">
<string>Add sandboxed processes to job objects (recommended)</string>
<string>Allow only privileged processes to access the Service Control Manager</string>
</property>
</widget>
</item>
<item row="8" column="2" colspan="2">
<widget class="QLabel" name="label_74">
<property name="text">
<string>Using a custom Sandboxie Token allows to isolate individual sandboxes from each other better, and it shows in the user column of task managers the name of the box a process belongs to. Some 3rd party security solutions may however have problems with custom tokens.</string>
</property>
<property name="wordWrap">
<bool>true</bool>
</property>
</widget>
</item>
@ -1675,7 +1770,6 @@
<widget class="QLabel" name="label_65">
<property name="font">
<font>
<weight>75</weight>
<bold>true</bold>
<kerning>true</kerning>
</font>
@ -1685,7 +1779,37 @@
</property>
</widget>
</item>
<item row="11" column="1">
<item row="0" column="0">
<widget class="QLabel" name="lblPrivilege">
<property name="font">
<font>
<bold>true</bold>
<kerning>true</kerning>
</font>
</property>
<property name="toolTip">
<string>Protect the sandbox integrity itself</string>
</property>
<property name="text">
<string>Privilege isolation</string>
</property>
</widget>
</item>
<item row="2" column="1" colspan="3">
<widget class="QCheckBox" name="chkRestrictServices">
<property name="text">
<string>Do not start sandboxed services using a system token (recommended)</string>
</property>
</widget>
</item>
<item row="7" column="1" colspan="4">
<widget class="QCheckBox" name="chkSbieLogon">
<property name="text">
<string>Use a Sandboxie login instead of an anonymous token</string>
</property>
</widget>
</item>
<item row="9" column="1">
<spacer name="verticalSpacer">
<property name="orientation">
<enum>Qt::Vertical</enum>
@ -1716,7 +1840,6 @@
<widget class="QLabel" name="label_64">
<property name="font">
<font>
<weight>75</weight>
<bold>true</bold>
<kerning>true</kerning>
</font>
@ -1726,18 +1849,10 @@
</property>
</widget>
</item>
<item row="5" column="1" colspan="3">
<widget class="QCheckBox" name="chkDropPrivileges">
<property name="text">
<string>Drop critical privileges from processes running with a SYSTEM token</string>
</property>
</widget>
</item>
<item row="8" column="0" colspan="2">
<item row="6" column="0" colspan="2">
<widget class="QLabel" name="lblToken">
<property name="font">
<font>
<weight>75</weight>
<bold>true</bold>
<kerning>true</kerning>
</font>
@ -3927,7 +4042,6 @@ The process match level has a higher priority than the specificity and describes
<widget class="QTabWidget" name="tabsOther">
<property name="font">
<font>
<weight>50</weight>
<bold>false</bold>
<kerning>true</kerning>
</font>
@ -3949,49 +4063,31 @@ The process match level has a higher priority than the specificity and describes
</property>
</widget>
</item>
<item row="0" column="1">
<widget class="QCheckBox" name="chkNoPanic">
<property name="toolTip">
<string>When the global hotkey is pressed 3 times in short succession this exception will be ignored.</string>
</property>
<property name="text">
<string>Exclude this sandbox from being terminated when &quot;Terminate All Processes&quot; is invoked.</string>
</property>
</widget>
</item>
<item row="6" column="1">
<widget class="QCheckBox" name="chkUseSbieWndStation">
<property name="text">
<string>Emulate sandboxed window station for all processes</string>
</property>
</widget>
</item>
<item row="1" column="0">
<widget class="QLabel" name="lblCompatibility">
<property name="font">
<font>
<weight>75</weight>
<bold>true</bold>
<kerning>true</kerning>
</font>
</property>
<property name="text">
<string>Compatibility</string>
</property>
</widget>
</item>
<item row="7" column="1">
<widget class="QCheckBox" name="chkComTimeout">
<property name="text">
<string>Disable the use of RpcMgmtSetComTimeout by default (this may resolve compatibility issues)</string>
</property>
</widget>
</item>
<item row="2" column="1">
<widget class="QCheckBox" name="chkPreferExternalManifest">
<property name="text">
<string>Force usage of custom dummy Manifest files (legacy behaviour)</string>
</property>
</widget>
</item>
<item row="5" column="1">
<item row="4" column="1">
<widget class="QCheckBox" name="chkUseSbieDeskHack">
<property name="text">
<string>Use desktop object workaround for all processes</string>
</property>
</widget>
</item>
<item row="8" column="0">
<item row="7" column="0">
<spacer name="verticalSpacer_28">
<property name="orientation">
<enum>Qt::Vertical</enum>
@ -4004,121 +4100,35 @@ The process match level has a higher priority than the specificity and describes
</property>
</spacer>
</item>
<item row="8" column="1">
<spacer name="horizontalSpacer_12">
<property name="orientation">
<enum>Qt::Horizontal</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>40</width>
<height>20</height>
</size>
</property>
</spacer>
</item>
<item row="4" column="1">
<widget class="QCheckBox" name="chkNestedJobs">
<property name="text">
<string>Allow use of nested job objects (works on Windows 8 and later)</string>
</property>
</widget>
</item>
<item row="0" column="1">
<widget class="QCheckBox" name="chkNoPanic">
<property name="toolTip">
<string>When the global hotkey is pressed 3 times in short succession this exception will be ignored.</string>
</property>
<property name="text">
<string>Exclude this sandbox from being terminated when &quot;Terminate All Processes&quot; is invoked.</string>
</property>
</widget>
</item>
</layout>
</item>
</layout>
</widget>
<widget class="QWidget" name="lblLimit_2">
<attribute name="title">
<string>Process Limits</string>
</attribute>
<layout class="QGridLayout" name="gridLayout_51">
<item row="0" column="0">
<layout class="QGridLayout" name="gridLayout_50">
<item row="4" column="0">
<spacer name="verticalSpacer_44">
<property name="orientation">
<enum>Qt::Vertical</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>20</width>
<height>40</height>
</size>
</property>
</spacer>
</item>
<item row="0" column="0">
<widget class="QLabel" name="lblLimit">
<item row="1" column="0">
<widget class="QLabel" name="lblCompatibility">
<property name="font">
<font>
<weight>75</weight>
<bold>true</bold>
<kerning>true</kerning>
</font>
</property>
<property name="toolTip">
<string>Protect the system from sandboxed processes</string>
</property>
<property name="text">
<string>Limit restrictions</string>
</property>
</widget>
</item>
<item row="2" column="2">
<widget class="QLineEdit" name="lineTotalMemory">
<property name="placeholderText">
<string>Leave it blank to disable the setting(Unit:KB)</string>
</property>
</widget>
</item>
<item row="3" column="2">
<widget class="QLineEdit" name="lineTotalNumber">
<property name="placeholderText">
<string>Leave it blank to disable the setting</string>
</property>
</widget>
</item>
<item row="1" column="2">
<widget class="QLineEdit" name="lineSingleMemory">
<property name="placeholderText">
<string>Leave it blank to disable the setting(Unit:KB)</string>
</property>
</widget>
</item>
<item row="3" column="1">
<widget class="QLabel" name="label_86">
<property name="text">
<string>Total Processes Number Limit:</string>
<string>Compatibility</string>
</property>
</widget>
</item>
<item row="2" column="1">
<widget class="QLabel" name="label_56">
<widget class="QCheckBox" name="chkPreferExternalManifest">
<property name="text">
<string>Total Processes Memory Limit:</string>
<string>Force usage of custom dummy Manifest files (legacy behaviour)</string>
</property>
</widget>
</item>
<item row="1" column="1">
<widget class="QLabel" name="label_53">
<item row="5" column="1">
<widget class="QCheckBox" name="chkUseSbieWndStation">
<property name="text">
<string>Single Process Memory Limit:</string>
<string>Emulate sandboxed window station for all processes</string>
</property>
</widget>
</item>
<item row="4" column="1" colspan="2">
<spacer name="horizontalSpacer_22">
<item row="7" column="1">
<spacer name="horizontalSpacer_12">
<property name="orientation">
<enum>Qt::Horizontal</enum>
</property>

BIN
SandboxiePlus/SandMan/Resources/Actions/Job.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.4 KiB

BIN
SandboxiePlus/SandMan/Resources/Actions/Job2.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.4 KiB

BIN
SandboxiePlus/SandMan/Resources/Actions/Job3.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 2.1 KiB

BIN
SandboxiePlus/SandMan/Resources/Actions/Job4.png Normal file
View File

Binary file not shown.
Side by Side

After

Width:  |  Height:  |  Size: 1.6 KiB

4
SandboxiePlus/SandMan/Resources/SandMan.qrc
View File

@ -182,6 +182,10 @@
<file>Actions/TaskBar.png</file>
<file>Actions/Desktop.png</file>
<file>Actions/Pause.png</file>
<file>Actions/Job.png</file>
<file>Actions/Job2.png</file>
<file>Actions/Job4.png</file>
<file>Actions/Job3.png</file>
</qresource>
<qresource prefix="/Boxes">
<file alias="Busy">Boxes/BusyOverlay.png</file>

37
SandboxiePlus/SandMan/Windows/OptionsAccess.cpp
View File

@ -13,11 +13,11 @@
void COptionsWindow::CreateAccess()
{
// Resource Access
connect(ui.chkPrivacy, SIGNAL(clicked(bool)), this, SLOT(OnAccessChanged()));
connect(ui.chkUseSpecificity, SIGNAL(clicked(bool)), this, SLOT(OnAccessChanged()));
connect(ui.chkBlockWMI, SIGNAL(clicked(bool)), this, SLOT(OnAccessChanged()));
connect(ui.chkCloseForBox, SIGNAL(clicked(bool)), this, SLOT(OnAccessChanged()));
connect(ui.chkNoOpenForBox, SIGNAL(clicked(bool)), this, SLOT(OnAccessChanged()));
connect(ui.chkPrivacy, SIGNAL(clicked(bool)), this, SLOT(OnAccessChangedEx()));
connect(ui.chkUseSpecificity, SIGNAL(clicked(bool)), this, SLOT(OnAccessChangedEx()));
connect(ui.chkBlockWMI, SIGNAL(clicked(bool)), this, SLOT(OnAccessChangedEx()));
connect(ui.chkCloseForBox, SIGNAL(clicked(bool)), this, SLOT(OnAccessChangedEx()));
connect(ui.chkNoOpenForBox, SIGNAL(clicked(bool)), this, SLOT(OnAccessChangedEx()));
//
connect(ui.btnAddFile, SIGNAL(clicked(bool)), this, SLOT(OnAddFile()));
@ -54,7 +54,7 @@ void COptionsWindow::CreateAccess()
connect(ui.tabsAccess, SIGNAL(currentChanged(int)), this, SLOT(OnAccessTab()));
}
void COptionsWindow::OnAccessChanged()
void COptionsWindow::OnAccessChangedEx()
{
if (sender() == ui.chkPrivacy || sender() == ui.chkUseSpecificity) {
if (ui.chkPrivacy->isChecked() || (ui.chkUseSpecificity->isEnabled() && ui.chkUseSpecificity->isChecked()))
@ -67,6 +67,13 @@ void COptionsWindow::OnAccessChanged()
ui.chkUseSpecificity->setChecked(m_pBox->GetBool("UseRuleSpecificity", false));
}
OnAccessChanged();
}
void COptionsWindow::OnAccessChanged()
{
UpdateJobOptions();
m_AccessChanged = true;
OnOptChanged();
}
@ -105,8 +112,7 @@ void COptionsWindow::SetAccessEntry(EAccessType Type, const QString& Program, EA
{
if (GetAccessEntry(Type, Program, Mode, Path) != NULL)
return; // already set
m_AccessChanged = true;
OnOptChanged();
OnAccessChanged();
AddAccessEntry(Type, Mode, Program, Path);
}
@ -115,8 +121,7 @@ void COptionsWindow::DelAccessEntry(EAccessType Type, const QString& Program, EA
if(QTreeWidgetItem* pItem = GetAccessEntry(Type, Program, Mode, Path))
{
delete pItem;
m_AccessChanged = true;
OnOptChanged();
OnAccessChanged();
}
}
@ -365,8 +370,7 @@ void COptionsWindow::OnBrowseFile()
AddAccessEntry(eFile, eOpen, "", Value);
m_AccessChanged = true;
OnOptChanged();
OnAccessChanged();
}
void COptionsWindow::OnBrowseFolder()
@ -377,8 +381,7 @@ void COptionsWindow::OnBrowseFolder()
AddAccessEntry(eFile, eOpen, "", Value);
m_AccessChanged = true;
OnOptChanged();
OnAccessChanged();
}
QString COptionsWindow::ExpandPath(EAccessType Type, const QString& Path)
@ -586,8 +589,7 @@ void COptionsWindow::CloseAccessEdit(QTreeWidgetItem* pItem, bool bSave)
pItem->setText(3, ExpandPath(Type, Path));
pItem->setData(3, Qt::UserRole, Path);
m_AccessChanged = true;
OnOptChanged();
OnAccessChanged();
}
pTree->setItemWidget(pItem, 1, NULL);
@ -675,8 +677,7 @@ void COptionsWindow::OnAccessChanged(QTreeWidgetItem* pItem, int Column)
if (Column != 0)
return;
m_AccessChanged = true;
OnOptChanged();
OnAccessChanged();
}
void COptionsWindow::DeleteAccessEntry(QTreeWidgetItem* pItem, int Column)

85
SandboxiePlus/SandMan/Windows/OptionsAdvanced.cpp
View File

@ -129,7 +129,9 @@ void COptionsWindow::LoadAdvanced()
ui.chkPreferExternalManifest->setChecked(m_pBox->GetBool("PreferExternalManifest", false));
ui.chkElevateCreateProcessFix->setChecked(m_pBox->GetBool("ApplyElevateCreateProcessFix", false));
ui.chkAddToJob->setChecked(!m_pBox->GetBool("NoAddProcessToJob", false));
ui.chkNestedJobs->setChecked(m_pBox->GetBool("AllowBoxedJobs", false));
ui.chkUseSbieDeskHack->setChecked(m_pBox->GetBool("UseSbieDeskHack", true));
ui.chkUseSbieWndStation->setChecked(m_pBox->GetBool("UseSbieWndStation", true));
@ -302,6 +304,8 @@ void COptionsWindow::LoadAdvanced()
if (!ui.chkOpenCredentials->isEnabled()) ui.chkOpenCredentials->setChecked(true);
m_AdvancedChanged = false;
UpdateJobOptions();
}
void COptionsWindow::OnPSTChanged()
@ -553,16 +557,16 @@ void COptionsWindow::OnIsolationChanged()
ui.chkNoOpenForBox->setChecked(m_pBox->GetBool("DontOpenForBoxed", true));
}
m_AdvancedChanged = true;
OnOptChanged();
OnAdvancedChanged();
}
void COptionsWindow::UpdateBoxIsolation()
{
ui.chkNoSecurityFiltering->setEnabled(ui.chkNoSecurityIsolation->isChecked());
ui.chkAddToJob->setEnabled(!IsAccessEntrySet(eWnd, "", eOpen, "*") && !ui.chkNoSecurityIsolation->isChecked());
ui.chkNestedJobs->setEnabled(!ui.chkNoSecurityIsolation->isChecked());
//ui.chkNotUntrusted->setEnabled(!ui.chkNoSecurityIsolation->isChecked());
UpdateJobOptions();
ui.chkOpenDevCMApi->setEnabled(!ui.chkNoSecurityIsolation->isChecked());
ui.chkOpenSamEndpoint->setEnabled(!ui.chkNoSecurityIsolation->isChecked());
@ -592,13 +596,9 @@ void COptionsWindow::UpdateBoxIsolation()
if (ui.chkNoSecurityIsolation->isChecked()) {
ui.chkCloseForBox->setChecked(false);
ui.chkNoOpenForBox->setChecked(false);
if (!IsAccessEntrySet(eWnd, "", eOpen, "*"))
ui.chkAddToJob->setChecked(false);
ui.chkSbieLogon->setChecked(false);
}
else {
if (!IsAccessEntrySet(eWnd, "", eOpen, "*"))
ui.chkAddToJob->setChecked(!m_pBox->GetBool("NoAddProcessToJob", false));
ReadGlobalCheck(ui.chkSbieLogon, "SandboxieLogon", false);
}
}
@ -606,8 +606,7 @@ void COptionsWindow::UpdateBoxIsolation()
void COptionsWindow::OnSysSvcChanged()
{
ui.chkElevateRpcss->setDisabled(ui.chkNoSecurityIsolation->isChecked() && (!ui.chkRestrictServices->isChecked() || ui.chkMsiExemptions->isChecked()));
m_AdvancedChanged = true;
OnOptChanged();
OnAdvancedChanged();
}
void COptionsWindow::OnConfidentialChanged()
@ -623,10 +622,25 @@ void COptionsWindow::OnLessConfidentialChanged()
void COptionsWindow::OnAdvancedChanged()
{
UpdateJobOptions();
m_AdvancedChanged = true;
OnOptChanged();
}
void COptionsWindow::UpdateJobOptions()
{
bool IsAllWndOpen = ui.chkNoSecurityIsolation->isChecked() || IsAccessEntrySet(eWnd, "", eOpen, "*");
ui.chkAddToJob->setEnabled(!IsAllWndOpen);
bool bUseJobObject = !IsAllWndOpen && ui.chkAddToJob->isChecked();
ui.chkNestedJobs->setEnabled(bUseJobObject);
ui.lineSingleMemory->setEnabled(bUseJobObject);
ui.lineTotalMemory->setEnabled(bUseJobObject);
ui.lineTotalNumber->setEnabled(bUseJobObject);
}
void COptionsWindow::CheckOpenCOM()
{
bool bComIpcOpen = IsAccessEntrySet(eIPC, "", eOpen, "\\RPC Control\\epmapper") || IsAccessEntrySet(eIPC, "", eOpen, "*");
@ -808,8 +822,7 @@ void COptionsWindow::OnAddOption()
void COptionsWindow::OnDelOption()
{
DeleteAccessEntry(ui.treeOptions->currentItem());
m_AdvancedChanged = true;
OnOptChanged();
OnAdvancedChanged();
}
void COptionsWindow::OnOptionItemDoubleClicked(QTreeWidgetItem* pItem, int Column)
@ -880,8 +893,7 @@ void COptionsWindow::OnOptionChanged(QTreeWidgetItem* pItem, int Column)
if (Column != 0)
return;
m_AdvancedChanged = true;
OnOptChanged();
OnAdvancedChanged();
}
void COptionsWindow::CloseOptionEdit(bool bSave)
@ -923,8 +935,7 @@ void COptionsWindow::CloseOptionEdit(QTreeWidgetItem* pItem, bool bSave)
pItem->setText(2, pValue->currentText());
pItem->setData(2, Qt::UserRole, pValue->currentText());
m_AdvancedChanged = true;
OnOptChanged();
OnAdvancedChanged();
}
ui.treeOptions->setItemWidget(pItem, 1, NULL);
@ -979,8 +990,7 @@ void COptionsWindow::OnAddAutoRun()
return;
AddTriggerItem(Value, eOnStartCmd);
m_AdvancedChanged = true;
OnOptChanged();
OnAdvancedChanged();
}
void COptionsWindow::OnAddAutoSvc()
@ -990,8 +1000,7 @@ void COptionsWindow::OnAddAutoSvc()
return;
AddTriggerItem(Value, eOnStartSvc);
m_AdvancedChanged = true;
OnOptChanged();
OnAdvancedChanged();
}
void COptionsWindow::OnAddAutoExec()
@ -1001,8 +1010,7 @@ void COptionsWindow::OnAddAutoExec()
return;
AddTriggerItem(Value, eAutoExec);
m_AdvancedChanged = true;
OnOptChanged();
OnAdvancedChanged();
}
void COptionsWindow::OnAddDeleteCmd()
@ -1012,8 +1020,7 @@ void COptionsWindow::OnAddDeleteCmd()
return;
AddTriggerItem(Value, eDeleteCmd);
m_AdvancedChanged = true;
OnOptChanged();
OnAdvancedChanged();
}
void COptionsWindow::OnAddTerminateCmd()
@ -1023,8 +1030,7 @@ void COptionsWindow::OnAddTerminateCmd()
return;
AddTriggerItem(Value, eTerminateCmd);
m_AdvancedChanged = true;
OnOptChanged();
OnAdvancedChanged();
}
void COptionsWindow::OnAddRecoveryCheck()
@ -1034,15 +1040,13 @@ void COptionsWindow::OnAddRecoveryCheck()
return;
AddTriggerItem(Value, eRecoveryCheck);
m_AdvancedChanged = true;
OnOptChanged();
OnAdvancedChanged();
}
void COptionsWindow::OnDelAuto()
{
DeleteAccessEntry(ui.treeTriggers->currentItem());
m_AdvancedChanged = true;
OnOptChanged();
OnAdvancedChanged();
}
//
@ -1054,15 +1058,13 @@ void COptionsWindow::OnAddProcess()
AddHiddenProcEntry(Process);
m_AdvancedChanged = true;
OnOptChanged();
OnAdvancedChanged();
}
void COptionsWindow::OnDelProcess()
{
DeleteAccessEntry(ui.treeHideProc->currentItem());
m_AdvancedChanged = true;
OnOptChanged();
OnAdvancedChanged();
}
void COptionsWindow::OnHostProcessAllow()
@ -1073,8 +1075,7 @@ void COptionsWindow::OnHostProcessAllow()
AddHostProcEntry(Process, false);
m_AdvancedChanged = true;
OnOptChanged();
OnAdvancedChanged();
}
void COptionsWindow::OnHostProcessDeny()
@ -1085,15 +1086,13 @@ void COptionsWindow::OnHostProcessDeny()
AddHostProcEntry(Process, true);
m_AdvancedChanged = true;
OnOptChanged();
OnAdvancedChanged();
}
void COptionsWindow::OnDelHostProcess()
{
DeleteAccessEntry(ui.treeHostProc->currentItem());
m_AdvancedChanged = true;
OnOptChanged();
OnAdvancedChanged();
}
void COptionsWindow::ShowHiddenProcTmpl(bool bUpdate)
@ -1234,8 +1233,7 @@ void COptionsWindow::OnAddUser()
ui.lstUsers->addItems(Users);
m_AdvancedChanged = true;
OnOptChanged();
OnAdvancedChanged();
}
void COptionsWindow::OnDelUser()
@ -1243,8 +1241,7 @@ void COptionsWindow::OnDelUser()
foreach(QListWidgetItem* pItem, ui.lstUsers->selectedItems())
delete pItem;
m_AdvancedChanged = true;
OnOptChanged();
OnAdvancedChanged();
}
void COptionsWindow::CreateDebug()

24
SandboxiePlus/SandMan/Windows/OptionsGeneral.cpp
View File

@ -283,11 +283,8 @@ void COptionsWindow::LoadGeneral()
ui.chkPrintToFile->setChecked(m_pBox->GetBool("AllowSpoolerPrintToFile", false));
ui.lineSingleMemory->setText(m_pBox->GetText("ProcessMemoryLimit", ""));
ui.lineSingleMemory->setEnabled(true);
ui.lineTotalMemory->setText(m_pBox->GetText("TotalMemoryLimit", ""));
ui.lineTotalMemory->setEnabled(true);
ui.lineTotalNumber->setText(m_pBox->GetText("TotalNumberLimit", ""));
ui.lineTotalNumber->setEnabled(true);
//ui.chkOpenProtectedStorage->setChecked(m_pBox->GetBool("OpenProtectedStorage", false));
ui.chkOpenProtectedStorage->setChecked(m_BoxTemplates.contains("OpenProtectedStorage"));
@ -429,12 +426,12 @@ void COptionsWindow::SaveGeneral()
WriteAdvancedCheck(ui.chkOpenSpooler, "OpenPrintSpooler", "y", "");
WriteAdvancedCheck(ui.chkPrintToFile, "AllowSpoolerPrintToFile", "y", "");
if (!ui.lineSingleMemory->text().isEmpty())
WriteText("ProcessMemoryLimit", ui.lineSingleMemory->text());
if (!ui.lineTotalMemory->text().isEmpty())
WriteText("TotalMemoryLimit", ui.lineTotalMemory->text());
if (!ui.lineTotalNumber->text().isEmpty())
WriteText("ProcessNumberLimit", ui.lineTotalNumber->text());
if (!ui.lineSingleMemory->text().isEmpty()) WriteText("ProcessMemoryLimit", ui.lineSingleMemory->text());
else m_pBox->DelValue("ProcessMemoryLimit");
if (!ui.lineTotalMemory->text().isEmpty()) WriteText("TotalMemoryLimit", ui.lineTotalMemory->text());
else m_pBox->DelValue("TotalMemoryLimit");
if (!ui.lineTotalNumber->text().isEmpty()) WriteText("ProcessNumberLimit", ui.lineTotalNumber->text());
else m_pBox->DelValue("ProcessNumberLimit");
//WriteAdvancedCheck(ui.chkOpenProtectedStorage, "OpenProtectedStorage", "y", "");
SetTemplate("OpenProtectedStorage", ui.chkOpenProtectedStorage->isChecked());
@ -815,10 +812,6 @@ void COptionsWindow::OnGeneralChanged()
ui.chkOpenSpooler->setEnabled(!ui.chkBlockSpooler->isChecked() && !ui.chkNoSecurityIsolation->isChecked());
ui.chkPrintToFile->setEnabled(!ui.chkBlockSpooler->isChecked() && !ui.chkNoSecurityFiltering->isChecked());
ui.lineSingleMemory->setEnabled(ui.chkAddToJob->isChecked());
ui.lineTotalMemory->setEnabled(ui.chkAddToJob->isChecked());
ui.lineTotalNumber->setEnabled(ui.chkAddToJob->isChecked());
ui.chkCoverBar->setEnabled(ui.chkUserOperation->isChecked());
ui.chkOpenCredentials->setEnabled(!ui.chkOpenProtectedStorage->isChecked());
@ -866,7 +859,7 @@ void COptionsWindow::OnSecurityMode()
m_GeneralChanged = true;
OnOptChanged();
OnAccessChanged(); // for rule specificity
OnAccessChangedEx(); // for rule specificity
}
void COptionsWindow::OnUseIcon(bool bUse)
@ -1142,8 +1135,7 @@ void COptionsWindow::OnVmRead()
SetAccessEntry(eIPC, "", eReadOnly, "$:*");
else
DelAccessEntry(eIPC, "", eReadOnly, "$:*");
m_AdvancedChanged = true;
OnOptChanged();
OnAdvancedChanged();
}
void COptionsWindow::OnDiskChanged()

31
SandboxiePlus/SandMan/Windows/OptionsWindow.cpp
View File

@ -207,14 +207,15 @@ COptionsWindow::COptionsWindow(const QSharedPointer<CSbieIni>& pBox, const QStri
ui.tabsGeneral->setTabIcon(1, CSandMan::GetIcon("Folder"));
ui.tabsGeneral->setTabIcon(2, CSandMan::GetIcon("Move"));
ui.tabsGeneral->setTabIcon(3, CSandMan::GetIcon("NoAccess"));
ui.tabsGeneral->setTabIcon(4, CSandMan::GetIcon("Fence"));
ui.tabsGeneral->setTabIcon(4, CSandMan::GetIcon("EFence"));
ui.tabsGeneral->setTabIcon(5, CSandMan::GetIcon("Run"));
ui.tabsSecurity->setCurrentIndex(0);
ui.tabsSecurity->setTabIcon(0, CSandMan::GetIcon("Shield7"));
ui.tabsSecurity->setTabIcon(1, CSandMan::GetIcon("Fence"));
ui.tabsSecurity->setTabIcon(2, CSandMan::GetIcon("Shield15"));
ui.tabsSecurity->setTabIcon(3, CSandMan::GetIcon("Shield12"));
ui.tabsSecurity->setTabIcon(3, CSandMan::GetIcon("Job"));
ui.tabsSecurity->setTabIcon(4, CSandMan::GetIcon("Shield12"));
ui.tabsForce->setCurrentIndex(0);
ui.tabsForce->setTabIcon(0, CSandMan::GetIcon("Force"));
@ -247,8 +248,7 @@ COptionsWindow::COptionsWindow(const QSharedPointer<CSbieIni>& pBox, const QStri
ui.tabsOther->setCurrentIndex(0);
ui.tabsOther->setTabIcon(0, CSandMan::GetIcon("Presets"));
ui.tabsOther->setTabIcon(1, CSandMan::GetIcon("BFance"));
ui.tabsOther->setTabIcon(2, CSandMan::GetIcon("Dll"));
ui.tabsOther->setTabIcon(1, CSandMan::GetIcon("Dll"));
ui.tabsAdvanced->setCurrentIndex(0);
ui.tabsAdvanced->setTabIcon(0, CSandMan::GetIcon("Presets"));
@ -370,6 +370,8 @@ COptionsWindow::COptionsWindow(const QSharedPointer<CSbieIni>& pBox, const QStri
AddIconToLabel(ui.lblMigration, CSandMan::GetIcon("Move").pixmap(size,size));
AddIconToLabel(ui.lblDelete, CSandMan::GetIcon("Erase").pixmap(size,size));
AddIconToLabel(ui.lblRawDisk, CSandMan::GetIcon("Disk").pixmap(size,size));
AddIconToLabel(ui.lblJob, CSandMan::GetIcon("Job3").pixmap(size,size));
AddIconToLabel(ui.lblLimit, CSandMan::GetIcon("Job2").pixmap(size,size));
AddIconToLabel(ui.lblSecurity, CSandMan::GetIcon("Shield5").pixmap(size,size));
AddIconToLabel(ui.lblElevation, CSandMan::GetIcon("Shield9").pixmap(size,size));
AddIconToLabel(ui.lblBoxProtection, CSandMan::GetIcon("BoxConfig").pixmap(size,size));
@ -385,11 +387,9 @@ COptionsWindow::COptionsWindow(const QSharedPointer<CSbieIni>& pBox, const QStri
AddIconToLabel(ui.lblPolicy, CSandMan::GetIcon("Policy").pixmap(size,size));
AddIconToLabel(ui.lblCompatibility, CSandMan::GetIcon("Compatibility").pixmap(size,size));
AddIconToLabel(ui.lblLimit, CSandMan::GetIcon("EFence").pixmap(size,size));
//AddIconToLabel(ui.lblComRpc, CSandMan::GetIcon("Objects").pixmap(size,size));
AddIconToLabel(ui.lblPrivilege, CSandMan::GetIcon("Token").pixmap(size,size));
AddIconToLabel(ui.lblFence, CSandMan::GetIcon("BFance").pixmap(size,size));
AddIconToLabel(ui.lblToken, CSandMan::GetIcon("Sandbox").pixmap(size,size));
AddIconToLabel(ui.lblIsolation, CSandMan::GetIcon("Fence").pixmap(size,size));
AddIconToLabel(ui.lblAccess, CSandMan::GetIcon("NoAccess").pixmap(size,size));
@ -1173,25 +1173,6 @@ void COptionsWindow::UpdateCurrentTab()
{
ui.chkVmRead->setChecked(IsAccessEntrySet(eIPC, "", eReadOnly, "$:*"));
}
else if (m_pCurrentTab == ui.tabPrivileges || m_pCurrentTab == ui.tabSecurity)
{
if (IsAccessEntrySet(eWnd, "", eOpen, "*"))
{
if (!ui.chkNoSecurityIsolation->isChecked())
{
ui.chkAddToJob->setEnabled(false);
ui.chkAddToJob->setChecked(false);
}
}
else
{
if (!ui.chkNoSecurityIsolation->isChecked())
{
ui.chkAddToJob->setEnabled(true);
ui.chkAddToJob->setChecked(!m_pBox->GetBool("NoAddProcessToJob", false));
}
}
}
else if (m_pCurrentTab == ui.tabStart || m_pCurrentTab == ui.tabForce)
{
if (IsAccessEntrySet(eIPC, "!<StartRunAccess>", eClosed, "*"))

25
SandboxiePlus/SandMan/Windows/OptionsWindow.h
View File

@ -159,24 +159,24 @@ private slots:
void OnAccessSelectionChanged() { CloseAccessEdit(); OnOptChanged();}
void OnAccessChanged(QTreeWidgetItem* pItem, int Column);
void OnAddFile() { AddAccessEntry(eFile, eOpen, "", ""); m_AccessChanged = true; OnOptChanged(); }
void OnAddFile() { AddAccessEntry(eFile, eOpen, "", ""); OnAccessChanged(); }
void OnBrowseFile();
void OnBrowseFolder();
void OnDelFile() { DeleteAccessEntry(ui.treeFiles->currentItem()); m_AccessChanged = true; OnOptChanged(); }
void OnDelFile() { DeleteAccessEntry(ui.treeFiles->currentItem()); OnAccessChanged(); }
void OnShowFilesTmpl() { LoadAccessListTmpl(eFile, ui.chkShowFilesTmpl->isChecked(), true); }
void OnAddKey() { AddAccessEntry(eKey, eOpen, "", ""); m_AccessChanged = true; OnOptChanged(); }
void OnDelKey() { DeleteAccessEntry(ui.treeKeys->currentItem()); m_AccessChanged = true; OnOptChanged(); }
void OnAddKey() { AddAccessEntry(eKey, eOpen, "", ""); OnAccessChanged(); }
void OnDelKey() { DeleteAccessEntry(ui.treeKeys->currentItem()); OnAccessChanged(); }
void OnShowKeysTmpl() { LoadAccessListTmpl(eKey, ui.chkShowKeysTmpl->isChecked(), true); }
void OnAddIPC() { AddAccessEntry(eIPC, eOpen, "", ""); m_AccessChanged = true; OnOptChanged(); }
void OnDelIPC() { DeleteAccessEntry(ui.treeIPC->currentItem()); m_AccessChanged = true; OnOptChanged(); }
void OnAddIPC() { AddAccessEntry(eIPC, eOpen, "", ""); OnAccessChanged(); }
void OnDelIPC() { DeleteAccessEntry(ui.treeIPC->currentItem()); OnAccessChanged(); }
void OnShowIPCTmpl() { LoadAccessListTmpl(eIPC, ui.chkShowIPCTmpl->isChecked(), true); }
void OnAddWnd() { AddAccessEntry(eWnd, eOpen, "", ""); m_AccessChanged = true; OnOptChanged(); }
void OnDelWnd() { DeleteAccessEntry(ui.treeWnd->currentItem()); m_AccessChanged = true; OnOptChanged(); }
void OnAddWnd() { AddAccessEntry(eWnd, eOpen, "", ""); OnAccessChanged(); }
void OnDelWnd() { DeleteAccessEntry(ui.treeWnd->currentItem()); OnAccessChanged(); }
void OnShowWndTmpl() { LoadAccessListTmpl(eWnd, ui.chkShowWndTmpl->isChecked(), true); }
void OnAddCOM() { AddAccessEntry(eCOM, eOpen, "", ""); m_AccessChanged = true; OnOptChanged(); }
void OnDelCOM() { DeleteAccessEntry(ui.treeCOM->currentItem()); m_AccessChanged = true; OnOptChanged(); }
void OnAddCOM() { AddAccessEntry(eCOM, eOpen, "", ""); OnAccessChanged(); }
void OnDelCOM() { DeleteAccessEntry(ui.treeCOM->currentItem()); OnAccessChanged(); }
void OnShowCOMTmpl() { LoadAccessListTmpl(eCOM, ui.chkShowCOMTmpl->isChecked(), true); }
//void OnDelAccess() { DeleteAccessEntry(ui.treeAccess->currentItem()); m_AccessChanged = true; OnOptChanged(); }
//void OnDelAccess() { DeleteAccessEntry(ui.treeAccess->currentItem()); OnAccessChanged(); }
//void OnShowAccessTmpl() { LoadAccessListTmpl(true); }
//
@ -249,6 +249,7 @@ private slots:
void OnINetBlockChanged() { m_INetBlockChanged = true; OnOptChanged(); }
void OnRecoveryChanged() { m_RecoveryChanged = true; OnOptChanged(); }
void OnAccessChanged();
void OnAccessChangedEx();
void OnSysSvcChanged();
void OnAdvancedChanged();
void OnOpenCOM();
@ -493,6 +494,8 @@ protected:
void UpdateAccessPolicy();
void UpdateJobOptions();
QTreeWidget* GetAccessTree(EAccessType Type);
//