From 4ed9234691a3dc13d08bc2853ef40dcda11f6f39 Mon Sep 17 00:00:00 2001
From: love-code-yeyixiao <188240888@qq.com>
Date: Sat, 8 Jun 2024 21:46:06 +0800
Subject: [PATCH] UI
---
SandboxiePlus/SandMan/Forms/OptionsWindow.ui | 313 +++++++++---------
.../SandMan/Windows/OptionsAccess.cpp | 3 +
.../SandMan/Windows/OptionsGeneral.cpp | 26 +-
3 files changed, 170 insertions(+), 172 deletions(-)
diff --git a/SandboxiePlus/SandMan/Forms/OptionsWindow.ui b/SandboxiePlus/SandMan/Forms/OptionsWindow.ui
index 0d1dc9ac..7445156a 100644
--- a/SandboxiePlus/SandMan/Forms/OptionsWindow.ui
+++ b/SandboxiePlus/SandMan/Forms/OptionsWindow.ui
@@ -7,7 +7,7 @@
0
0
835
- 588
+ 575
@@ -45,7 +45,7 @@
QTabWidget::North
- 0
+ 6
@@ -3086,125 +3086,125 @@ To specify a process use '$:program.exe' as path.
Access Policies
-
-
- 9
-
-
- 9
-
-
- 9
-
-
- 9
-
+
-
-
-
-
-
-
-
- 75
- true
- true
-
-
-
- Rule Policies
-
-
-
- -
-
-
- Apply Close...=!<program>,... rules also to all binaries located in the sandbox.
-
-
-
- -
-
-
- Prioritize rules based on their Specificity and Process Match Level
-
-
-
- -
-
-
- Apply File and Key Open directives only to binaries located outside the sandbox.
-
-
-
- -
-
-
- Qt::Horizontal
-
-
-
- 40
- 20
-
-
-
-
- -
-
-
-
- 75
- true
- true
-
-
-
- Access Mode
-
-
-
- -
-
-
- The rule specificity is a measure to how well a given rule matches a particular path, simply put the specificity is the length of characters from the begin of the path up to and including the last matching non-wildcard substring. A rule which matches only file types like "*.tmp" would have the highest specificity as it would always match the entire file path.
+
+
+
+ 75
+ true
+ true
+
+
+
+ Access Mode
+
+
+
+ -
+
+
+ Privacy Mode, block file and registry access to all locations except the generic system ones
+
+
+
+ -
+
+
+ When the Privacy Mode is enabled, sandboxed processes will be only able to read C:\Windows\*, C:\Program Files\*, and parts of the HKLM registry, all other locations will need explicit access to be readable and/or writable. In this mode, Rule Specificity is always enabled.
+
+
+ true
+
+
+
+ -
+
+
+ Prevent sandboxed processes from accessing system deatils through WMI
+
+
+
+ -
+
+
+ Some programs read system deatils through WMI(A Windows built-in database)
+instead of normal ways.For example,"tasklist.exe" could get full processes list
+even if "HideOtherBoxes" is opened through accessing WMI.Enable this option to stop these heavior.
+
+
+
+ -
+
+
+
+ 75
+ true
+ true
+
+
+
+ Rule Policies
+
+
+
+ -
+
+
+ Prioritize rules based on their Specificity and Process Match Level
+
+
+
+ -
+
+
+ The rule specificity is a measure to how well a given rule matches a particular path, simply put the specificity is the length of characters from the begin of the path up to and including the last matching non-wildcard substring. A rule which matches only file types like "*.tmp" would have the highest specificity as it would always match the entire file path.
The process match level has a higher priority than the specificity and describes how a rule applies to a given process. Rules applying by process name or group have the strongest match level, followed by the match by negation (i.e. rules applying to all processes but the given one), while the lowest match levels have global matches, i.e. rules that apply to any process.
-
-
- true
-
-
-
- -
-
-
- Privacy Mode, block file and registry access to all locations except the generic system ones
-
-
-
- -
-
-
- Qt::Vertical
-
-
-
- 20
- 40
-
-
-
-
- -
-
-
- When the Privacy Mode is enabled, sandboxed processes will be only able to read C:\Windows\*, C:\Program Files\*, and parts of the HKLM registry, all other locations will need explicit access to be readable and/or writable. In this mode, Rule Specificity is always enabled.
-
-
- true
-
-
-
-
+
+
+ true
+
+
+
+ -
+
+
+ Apply Close...=!<program>,... rules also to all binaries located in the sandbox.
+
+
+
+ -
+
+
+ Apply File and Key Open directives only to binaries located outside the sandbox.
+
+
+
+ -
+
+
+ Qt::Vertical
+
+
+
+ 20
+ 81
+
+
+
+
+ -
+
+
+ Qt::Horizontal
+
+
+
+ 638
+ 20
+
+
+
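Review bot: The new user-visible strings for the WMI option contain typos: `deatils` appears in both the checkbox label and its description, and the description ends in `heavior`. These texts explain a security setting and will likely be used as translation sources, so I would correct them before merge, e.g. `Prevent sandboxed processes from accessing system details through WMI` and `Enable this option to stop this behavior.` The phrase `even if "HideOtherBoxes" is opened` presumably means the option is enabled; `is enabled` would match the wording used for Privacy Mode in the same hunk. The description is also hard-wrapped mid-sentence, unlike the other descriptions here, which may show up as forced line breaks in the label.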
@@ -4253,7 +4253,7 @@ This is done to prevent rogue processes inside the sandbox from creating a renam
- 4
+ 2
@@ -4640,25 +4640,6 @@ This is done to prevent rogue processes inside the sandbox from creating a renam
Hide Processes
-
- 3
-
-
- 6
-
-
- 3
-
-
- 3
-
- -
-
-
- Add Process
-
-
-
-
@@ -4666,7 +4647,31 @@ This is done to prevent rogue processes inside the sandbox from creating a renam
- -
+
-
+
+
+ Don't allow sandboxed processes to see processes running outside any boxes
+
+
+
+ -
+
+
+ Add Process
+
+
+
+ -
+
+
+ Hide host processes from processes running in the sandbox.
+
+
+ true
+
+
+
+ -
Qt::Vertical
@@ -4679,24 +4684,21 @@ This is done to prevent rogue processes inside the sandbox from creating a renam
- -
-
-
- Hide host processes from processes running in the sandbox.
-
-
- true
-
-
-
- -
+
-
Show Templates
- -
+
-
+
+
+ Remove
+
+
+
+ -
true
@@ -4713,13 +4715,6 @@ This is done to prevent rogue processes inside the sandbox from creating a renam
- -
-
-
- Remove
-
-
-
diff --git a/SandboxiePlus/SandMan/Windows/OptionsAccess.cpp b/SandboxiePlus/SandMan/Windows/OptionsAccess.cpp
index 4167969e..110a61c4 100644
--- a/SandboxiePlus/SandMan/Windows/OptionsAccess.cpp
+++ b/SandboxiePlus/SandMan/Windows/OptionsAccess.cpp
@@ -15,6 +15,7 @@ void COptionsWindow::CreateAccess()
// Resource Access
connect(ui.chkPrivacy, SIGNAL(clicked(bool)), this, SLOT(OnAccessChanged()));
connect(ui.chkUseSpecificity, SIGNAL(clicked(bool)), this, SLOT(OnAccessChanged()));
+ connect(ui.chkBlockWMI, SIGNAL(clicked(bool)), this, SLOT(OnAccessChanged()));
connect(ui.chkCloseForBox, SIGNAL(clicked(bool)), this, SLOT(OnAccessChanged()));
connect(ui.chkNoOpenForBox, SIGNAL(clicked(bool)), this, SLOT(OnAccessChanged()));
//
@@ -156,6 +157,7 @@ void COptionsWindow::LoadAccessList()
{
ui.chkPrivacy->setChecked(m_pBox->GetBool("UsePrivacyMode", false));
ui.chkUseSpecificity->setChecked(m_pBox->GetBool("UseRuleSpecificity", false));
+ ui.chkBlockWMI->setChecked(m_BoxTemplates.contains("BlockAccessWMI"));
ui.chkCloseForBox->setChecked(m_pBox->GetBool("AlwaysCloseForBoxed", true));
ui.chkNoOpenForBox->setChecked(m_pBox->GetBool("DontOpenForBoxed", true));
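Review bot: `chkBlockWMI` is initialised from `m_BoxTemplates.contains("BlockAccessWMI")`, while its neighbours read the box config through `m_pBox->GetBool(...)`, so the checkbox is only right if `m_BoxTemplates` has already been filled when LoadAccessList runs; that ordering is not visible here. It matters because the SaveAccessList hunk below calls `SetTemplate("BlockAccessWMI", ui.chkBlockWMI->isChecked())` unconditionally. A checkbox that loaded as unchecked would presumably remove the template on the next save and silently drop the WMI restriction. I would confirm the load order and add a comment such as `// BlockAccessWMI is a template, not a box setting; m_BoxTemplates must be loaded first`. Both function bodies continue outside their hunks.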
@@ -694,6 +696,7 @@ void COptionsWindow::SaveAccessList()
{
WriteAdvancedCheck(ui.chkPrivacy, "UsePrivacyMode", "y", "");
WriteAdvancedCheck(ui.chkUseSpecificity, "UseRuleSpecificity", "y", "");
+ SetTemplate("BlockAccessWMI", ui.chkBlockWMI->isChecked());
WriteAdvancedCheck(ui.chkCloseForBox, "AlwaysCloseForBoxed", "", "n");
WriteAdvancedCheck(ui.chkNoOpenForBox, "DontOpenForBoxed", "", "n");
diff --git a/SandboxiePlus/SandMan/Windows/OptionsGeneral.cpp b/SandboxiePlus/SandMan/Windows/OptionsGeneral.cpp
index c22213e4..e2853c8b 100644
--- a/SandboxiePlus/SandMan/Windows/OptionsGeneral.cpp
+++ b/SandboxiePlus/SandMan/Windows/OptionsGeneral.cpp
@@ -1068,18 +1068,18 @@ void COptionsWindow::UpdateBoxType()
bool bPrivacyMode = ui.chkPrivacy->isChecked();
bool bSecurityMode = ui.chkSecurityMode->isChecked();
bool bAppBox = ui.chkNoSecurityIsolation->isChecked();
- bool bIsoationMax = m_pBox->GetBool("HideNonSystemProcess")
- && m_pBox->GetBool("HideNonSystemProcesses")
- && m_pBox->GetBool("HideOtherBoxes")
- && m_pBox->GetBool("ClosePrintSpooler")
- && m_pBox->GetBool("BlockInterferePower")
- && !m_pBox->GetBool("OpenClipboard")
- && m_pBox->GetBool("BlockInterferenceControl")
- && m_pBox->GetBool("BlockScreenCapture")
- && m_pBox->GetBool("ConfidentialBox")
- && m_pBox->GetBool("CoverBoxedWindows")
- && m_pBox->GetBool("AlertBeforeStart")
- && m_pBox->GetBool("ForceProtectionOnMount")
+ bool bIsoationMax = ui.chkHideHostProcesses->isChecked()
+ && ui.chkBlockWMI->isChecked()
+ && ui.chkHideOtherBoxes->isChecked()
+ && ui.chkBlockSpooler->isChecked()
+ && ui.chkProtectPower->isChecked()
+ && ui.chkCloseClipBoard->isChecked()
+ && ui.chkUserOperation->isChecked()
+ && ui.chkBlockCapture->isChecked()
+ && ui.chkConfidential->isChecked()
+ && ui.chkProtectWindow->isChecked()
+ && ui.chkAlertBeforeStart->isChecked()
+ && ui.chkForceProtection->isChecked()
&& bSecurityMode && bPrivacyMode && !bAppBox;
int BoxType;
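Review bot: `bIsoationMax` is now computed from twelve checkbox states instead of the stored box settings, so the displayed box type is only correct if every one of those widgets is loaded before UpdateBoxType runs and each of them re-triggers UpdateBoxType when changed; neither is visible in this hunk. If one is missed, a box can be shown as maximally isolated while one of the protections is actually off. A short comment above the expression would help, e.g. `// Reflects the current (possibly unsaved) UI state, not the saved box config`. The variable name is also misspelled (`bIsolationMax`), and any uses outside the hunk would need renaming with it. UpdateBoxType's body starts and ends outside the hunk.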
@@ -1130,7 +1130,7 @@ void COptionsWindow::OnBoxTypChanged()
pBox->SetNum64("ProcessMemoryLimit", 80000000);
pBox->SetNum("ProcessNumberLimit", 20);
pBox->SetBool("ProtectHostImages", true);*/
- SetTemplate("BlockAccessWMI", true);
+ ui.chkBlockWMI->setChecked(true);
ui.chkBlockDns->setChecked(true);
ui.chkHideOtherBoxes->setChecked(true);
ui.chkCloseClipBoard->setChecked(true);
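Review bot: `ui.chkBlockWMI->setChecked(true)` does not emit `clicked(bool)`, which is the only signal the CreateAccess hunk connects to `OnAccessChanged()`, so this line alone does not mark the access page as changed. The removed `SetTemplate("BlockAccessWMI", true)` presumably applied the template directly, whereas the new line relies on SaveAccessList running later to write it. Unless code outside this hunk already flags the access settings as modified, selecting this box type could leave the WMI restriction unapplied while the checkbox shows it as on. I would confirm that, or call `OnAccessChanged();` after the `setChecked` calls. OnBoxTypChanged's body continues outside the hunk.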