diff --git a/CHANGELOG.md b/CHANGELOG.md index 5ed5432c..080578d5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -11,6 +11,7 @@ This project adheres to [Semantic Versioning](http://semver.org/). ### Fixed - fixed issue with box options [#2400](https://github.com/sandboxie-plus/Sandboxie/issues/2400) - fixed issue with Smart App Control [#2341](https://github.com/sandboxie-plus/Sandboxie/issues/2341) +- fixed issue with snapshots when using privacy boxes [#2427](https://github.com/sandboxie-plus/Sandboxie/issues/2427) diff --git a/Sandboxie/core/dll/file.c b/Sandboxie/core/dll/file.c index c693030c..9025f595 100644 --- a/Sandboxie/core/dll/file.c +++ b/Sandboxie/core/dll/file.c @@ -2961,7 +2961,7 @@ ReparseLoop: BOOLEAN use_rule_specificity = (Dll_ProcessFlags & SBIE_FLAG_RULE_SPECIFICITY) != 0; - if (use_rule_specificity && SbieDll_HasReadableSubPath(L'f', TruePath)){ + if (use_rule_specificity && SbieDll_HasReadableSubPath(L'f', OriginalPath ? OriginalPath : TruePath)){ // // When using Rule specificity we need to create some dummy directories @@ -2969,6 +2969,12 @@ ReparseLoop: File_CreateBoxedPath(TruePath); } + else if (OriginalPath) { + + status = File_GetFileType(&objattrs, FALSE, &FileType, NULL); + if (status == STATUS_NOT_A_DIRECTORY) + status = STATUS_ACCESS_DENIED; + } else { // @@ -3072,7 +3078,7 @@ ReparseLoop: // to make sure File_CheckCreateParameters won't fail // - if (PATH_IS_WRITE(mp_flags) && NT_SUCCESS(status)) { + if (PATH_IS_WRITE(mp_flags) && NT_SUCCESS(status) && !OriginalPath) { DesiredAccess |= FILE_GENERIC_WRITE; FileType &= ~(TYPE_READ_ONLY | TYPE_SYSTEM); } @@ -4867,6 +4873,7 @@ _FX NTSTATUS File_NtQueryFullAttributesFileImpl( WCHAR *CopyPath; ULONG FileFlags, FileAttrs, mp_flags; ULONG TruePathFlags; + WCHAR* OriginalPath; // // special case: when it starts, the Windows Explorer process looks @@ -5002,9 +5009,12 @@ _FX NTSTATUS File_NtQueryFullAttributesFileImpl( // Check true path relocation // + OriginalPath = NULL; WCHAR* OldTruePath = File_ResolveTruePath(TruePath, CopyPath, &TruePathFlags); - if (OldTruePath) + if (OldTruePath) { + OriginalPath = TruePath; TruePath = OldTruePath; + } // // check if this is a write-only path. if the path is not @@ -5016,13 +5026,16 @@ _FX NTSTATUS File_NtQueryFullAttributesFileImpl( BOOLEAN use_rule_specificity = (Dll_ProcessFlags & SBIE_FLAG_RULE_SPECIFICITY) != 0; - if (use_rule_specificity && SbieDll_HasReadableSubPath(L'f', TruePath)){ + if (use_rule_specificity && SbieDll_HasReadableSubPath(L'f', OriginalPath ? OriginalPath : TruePath)){ // // When using Rule specificity we need to create some dummy directories // - File_CreateBoxedPath(TruePath); + File_CreateBoxedPath(OriginalPath ? OriginalPath : TruePath); + } + else if (OriginalPath) { + ; // try TruePath which points by now to teh snapshot location } else {