From 7c9d4e0877205a7b8153f0f543d44bbbaeaf8b28 Mon Sep 17 00:00:00 2001
From: DavidXanatos <3890945+DavidXanatos@users.noreply.github.com>
Date: Fri, 18 Oct 2024 22:02:07 +0200
Subject: [PATCH] 1.15.0
---
SandboxiePlus/SandMan/Forms/OptionsWindow.ui | 305 ++++++++++--------
.../SandMan/Windows/OptionsGeneral.cpp | 3 +
.../SandMan/Windows/OptionsWindow.cpp | 1 +
3 files changed, 166 insertions(+), 143 deletions(-)
diff --git a/SandboxiePlus/SandMan/Forms/OptionsWindow.ui b/SandboxiePlus/SandMan/Forms/OptionsWindow.ui
index f9955944..8b76c954 100644
--- a/SandboxiePlus/SandMan/Forms/OptionsWindow.ui
+++ b/SandboxiePlus/SandMan/Forms/OptionsWindow.ui
@@ -1135,58 +1135,6 @@
-
-
-
-
-
- Use the original token only for approved NT system calls
-
-
-
- -
-
-
- Enable all security enhancements (make security hardened box)
-
-
-
- -
-
-
-
- 75
- true
- true
-
-
-
- Protect the system from sandboxed processes
-
-
- Elevation restrictions
-
-
-
- -
-
-
- Make applications think they are running elevated (allows to run installers safely)
-
-
-
- -
-
-
-
- 75
- true
- true
-
-
-
- (Recommended)
-
-
-
-
@@ -1194,80 +1142,6 @@
- -
-
-
-
- 75
- true
- true
-
-
-
- Protect the system from sandboxed processes
-
-
- Security enhancements
-
-
-
- -
-
-
- Allow MSIServer to run with a sandboxed system token and apply other exceptions if required
-
-
-
- -
-
-
- Qt::Horizontal
-
-
-
- 40
- 20
-
-
-
-
- -
-
-
- Qt::Vertical
-
-
-
- 20
- 40
-
-
-
-
- -
-
-
- Drop rights from Administrators and Power Users groups
-
-
-
- -
-
-
-
- 75
- true
- true
-
-
-
- CAUTION: When running under the built in administrator, processes can not drop administrative privileges.
-
-
- true
-
-
-
-
@@ -1278,23 +1152,6 @@
- -
-
-
-
- 75
- true
- true
-
-
-
- Security note: Elevated applications running under the supervision of Sandboxie, with an admin or system token, have more opportunities to bypass isolation and modify the system outside the sandbox.
-
-
- true
-
-
-
-
@@ -1314,6 +1171,167 @@
+ -
+
+
+ Qt::Horizontal
+
+
+
+ 40
+ 20
+
+
+
+
+ -
+
+
+ Qt::Vertical
+
+
+
+ 20
+ 40
+
+
+
+
+ -
+
+
+ Allow MSIServer to run with a sandboxed system token and apply other exceptions if required
+
+
+
+ -
+
+
+
+ true
+ true
+
+
+
+ CAUTION: When running under the built in administrator, processes can not drop administrative privileges.
+
+
+ true
+
+
+
+ -
+
+
+
+ true
+ true
+
+
+
+ Security note: Elevated applications running under the supervision of Sandboxie, with an admin or system token, have more opportunities to bypass isolation and modify the system outside the sandbox.
+
+
+ true
+
+
+
+ -
+
+
+ Enable all security enhancements (make security hardened box)
+
+
+
+ -
+
+
+ Drop rights from Administrators and Power Users groups
+
+
+
+ -
+
+
+
+ true
+ true
+
+
+
+ Protect the system from sandboxed processes
+
+
+ Elevation restrictions
+
+
+
+ -
+
+
+
+ true
+ true
+
+
+
+ Protect the system from sandboxed processes
+
+
+ File ACLs
+
+
+
+ -
+
+
+ Make applications think they are running elevated (allows to run installers safely)
+
+
+
+ -
+
+
+
+ true
+ true
+
+
+
+ (Recommended)
+
+
+
+ -
+
+
+ Use the original token only for approved NT system calls
+
+
+
+ -
+
+
+
+ true
+ true
+
+
+
+ Protect the system from sandboxed processes
+
+
+ Security enhancements
+
+
+
+ -
+
+
+ Use original Access Control Entries for boxed Files and Folders (for MSIServer enable excemptions)
+
+
+
@@ -5877,6 +5895,7 @@ Please note that this values are currently user specific and saved globally for
chkDropRights
chkFakeElevation
chkMsiExemptions
+ chkACLs
chkNoSecurityIsolation
chkNoSecurityFiltering
chkConfidential
diff --git a/SandboxiePlus/SandMan/Windows/OptionsGeneral.cpp b/SandboxiePlus/SandMan/Windows/OptionsGeneral.cpp
index ff56f402..8b7ad569 100644
--- a/SandboxiePlus/SandMan/Windows/OptionsGeneral.cpp
+++ b/SandboxiePlus/SandMan/Windows/OptionsGeneral.cpp
@@ -158,6 +158,7 @@ void COptionsWindow::CreateGeneral()
connect(ui.chkDropRights, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
connect(ui.chkFakeElevation, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
connect(ui.chkMsiExemptions, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
+ connect(ui.chkACLs, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
connect(ui.chkBlockSpooler, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
connect(ui.chkOpenSpooler, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
@@ -280,6 +281,7 @@ void COptionsWindow::LoadGeneral()
ui.chkDropRights->setChecked(m_pBox->GetBool("DropAdminRights", false));
ui.chkFakeElevation->setChecked(m_pBox->GetBool("FakeAdminRights", false));
ui.chkMsiExemptions->setChecked(m_pBox->GetBool("MsiInstallerExemptions", false));
+ ui.chkACLs->setChecked(m_pBox->GetBool("UseOriginalACLs", false));
ui.chkBlockSpooler->setChecked(m_pBox->GetBool("ClosePrintSpooler", false));
ui.chkOpenSpooler->setChecked(m_pBox->GetBool("OpenPrintSpooler", false));
@@ -422,6 +424,7 @@ void COptionsWindow::SaveGeneral()
WriteAdvancedCheck(ui.chkDropRights, "DropAdminRights", "y", "");
WriteAdvancedCheck(ui.chkFakeElevation, "FakeAdminRights", "y", "");
WriteAdvancedCheck(ui.chkMsiExemptions, "MsiInstallerExemptions", "y", "");
+ WriteAdvancedCheck(ui.chkACLs, "UseOriginalACLs", "y", "");
WriteAdvancedCheck(ui.chkBlockSpooler, "ClosePrintSpooler", "y", "");
WriteAdvancedCheck(ui.chkOpenSpooler, "OpenPrintSpooler", "y", "");
diff --git a/SandboxiePlus/SandMan/Windows/OptionsWindow.cpp b/SandboxiePlus/SandMan/Windows/OptionsWindow.cpp
index dbc9ba3b..d97f80c1 100644
--- a/SandboxiePlus/SandMan/Windows/OptionsWindow.cpp
+++ b/SandboxiePlus/SandMan/Windows/OptionsWindow.cpp
@@ -427,6 +427,7 @@ COptionsWindow::COptionsWindow(const QSharedPointer& pBox, const QStri
AddIconToLabel(ui.lblLimit, CSandMan::GetIcon("Job2").pixmap(size,size));
AddIconToLabel(ui.lblSecurity, CSandMan::GetIcon("Shield5").pixmap(size,size));
AddIconToLabel(ui.lblElevation, CSandMan::GetIcon("Shield9").pixmap(size,size));
+ AddIconToLabel(ui.lblACLs, CSandMan::GetIcon("Ampel").pixmap(size,size));
AddIconToLabel(ui.lblBoxProtection, CSandMan::GetIcon("BoxConfig").pixmap(size,size));
AddIconToLabel(ui.lblNetwork, CSandMan::GetIcon("Network").pixmap(size,size));
AddIconToLabel(ui.lblPrinting, CSandMan::GetIcon("Printer").pixmap(size,size));