mirrors/Sandboxie
mirrors
/
Sandboxie
mirror of https://github.com/sandboxie-plus/Sandboxie.git
1
0
Fork 0
Code Releases Activity

Build 0.7.5

This commit is contained in:
DavidXanatos 2021-06-05 10:53:58 +02:00
parent 8554623f27
commit 8c5eb2f01c
27 changed files with 494 additions and 166 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
CHANGELOG.md
View File

@ -16,10 +16,31 @@ This project adheres to [Semantic Versioning](http://semver.org/).
## [0.7.4 / 5.49.7] - 2021-04-11
## [0.7.5 / 5.49.8] - 2021-06-05
### Added
- added option to disable file migration prompt in the Plus UI by using "PromptForFileMigration=n"
- with "OpenClipboard=n" clipboard access for a sandbox can be now disabled
### Changed
- now by default the OpenBluetooth template is enabled to enable compatybility with unity games
- "PreferExternalManifest=program.exe,y" can now be set on a per process basis
### Fixed
- fixed compiled issues with the most recent vs2019 update
- fixed issue with vivaldi browser
- fixed some issues with box options in the plus ui
- fixed some issues with hw acceleration in chromium based browsers
- the stop all command now issues "kmdutill scandll" first to solve issues when the SbieDll.Dll is in use
- workaround for electorn apps, by forcing a additional commandline argument on the gpu renderer process
## [0.7.4 / 5.49.7] - 2021-04-12
### Added
- added option to disable file migration prompt
- added UI options for various security isolation features
- added missing functionality to set template values in the Plus UI

29
Sandboxie/apps/control/AppPage.cpp
View File

@ -770,7 +770,7 @@ void CAppPage::Folders_OnInitDialog(CBox &box)
while (! tmpl_names.IsEmpty()) {
CString tmpl_name = tmpl_names.RemoveHead();
CString varname = ini.GetTemplateVariable(tmpl_name);
CString varname = ini.GetTemplateVariable(tmpl_name); // fix-me: there may be more than one folder per template
if (varname.IsEmpty())
continue;
@ -1555,4 +1555,31 @@ void CAppPage::SetDefaultTemplates8(CBox& box)
{
box.EnableTemplate(L"FileCopy", TRUE);
box.EnableTemplate(L"SkipHook", TRUE);
SetDefaultTemplates9(box);
}
//---------------------------------------------------------------------------
// SetDefaultTemplates9
//---------------------------------------------------------------------------
void CAppPage::SetDefaultTemplates9(CBox& box)
{
CSbieIni &ini = CSbieIni::GetInstance();
// fix the unfortunate typo
if (box.IsTemplateEnabled(L"FileCppy")) {
box.EnableTemplate(L"FileCopy", TRUE);
box.EnableTemplate(L"FileCppy", FALSE);
}
box.EnableTemplate(L"WindowsFontCache", FALSE);
BOOL bHardened = FALSE;
ini.GetBool(box.GetName(), L"DropAdminRights", bHardened, FALSE);
if (!bHardened) {
// enable those templates only for non hardened boxes
box.EnableTemplate(L"OpenBluetooth", TRUE);
box.EnableTemplate(L"OpenSmartCard", TRUE);
}
}

1
Sandboxie/apps/control/AppPage.h
View File

@ -127,6 +127,7 @@ public:
static void SetDefaultTemplates6(CBox &box);
static void SetDefaultTemplates7(CBox &box);
static void SetDefaultTemplates8(CBox& box);
static void SetDefaultTemplates9(CBox& box);
};

13
Sandboxie/apps/control/Box.cpp
View File

@ -226,18 +226,23 @@ void CBox::SetDefaultSettings()
int cfglvl;
ini.GetNum(m_name, _ConfigLevel, cfglvl);
if (cfglvl >= 8)
if (cfglvl >= 9)
return;
BOOL ok = TRUE;
if (cfglvl >= 1) {
ok = ini.SetNum(m_name, _ConfigLevel, 8);
ok = ini.SetNum(m_name, _ConfigLevel, 9);
if (ok) {
if (cfglvl == 7) {
if (cfglvl == 8) {
CAppPage::SetDefaultTemplates9(*this);
}
else if (cfglvl == 7) {
CAppPage::SetDefaultTemplates8(*this);
@ -255,7 +260,7 @@ void CBox::SetDefaultSettings()
goto done;
}
ok = ini.SetNum(m_name, _ConfigLevel, 8);
ok = ini.SetNum(m_name, _ConfigLevel, 9);
if (ok)
{

4
Sandboxie/common/my_version.h
View File

@ -21,8 +21,8 @@
#ifndef _MY_VERSION_H
#define _MY_VERSION_H
#define MY_VERSION_BINARY 5,49,7
#define MY_VERSION_STRING "5.49.7"
#define MY_VERSION_BINARY 5,49,8
#define MY_VERSION_STRING "5.49.8"
#define MY_VERSION_COMPAT "5.49.0" // this refers to the driver ABI compatibility
// These #defines are used by either Resource Compiler, or by NSIC installer

4
Sandboxie/core/dll/custom.c
View File

@ -1449,7 +1449,7 @@ _FX BOOLEAN Custom_SYSFER_DLL(HMODULE hmodule)
//---------------------------------------------------------------------------
_FX void Custom_Load_UxTheme(void)
/*_FX void Custom_Load_UxTheme(void)
{
//
// Google Chrome sandbox process is started with limited privileges
@ -1473,4 +1473,4 @@ _FX void Custom_Load_UxTheme(void)
SystemParametersInfo(SPI_GETFONTSMOOTHING, 0, &v, 0);
}
}
}
}*/

2
Sandboxie/core/dll/dll.h
View File

@ -733,7 +733,7 @@ BOOLEAN MsCorEE_Init(HMODULE hmodule);
void Custom_ComServer(void);
void Custom_Load_UxTheme(void);
//void Custom_Load_UxTheme(void);
NTSTATUS StopTailCallOptimization(NTSTATUS status);

4
Sandboxie/core/dll/dllmain.c
View File

@ -475,7 +475,9 @@ _FX void Dll_InitExeEntry(void)
// force load of UxTheme in a Google Chrome sandbox process
//
Custom_Load_UxTheme();
// Note: this does not seam to longer be needed for modern chrome builds, also it breaks the vivaldi browser
//Custom_Load_UxTheme();
UserEnv_InitVer(Dll_OsBuild >= 7600 ? Dll_KernelBase : Dll_Kernel32); // in KernelBase since win 7

2
Sandboxie/core/dll/file_misc.c
View File

@ -506,6 +506,7 @@ _FX ULONG File_GetTempPathW(ULONG nBufferLength, WCHAR *lpBuffer)
return rc;
}
//BOOLEAN RpcRt_TestCallingModule(ULONG_PTR pRetAddr, ULONG_PTR hModule);
BOOL File_WriteProcessMemory(
HANDLE hProcess,
@ -519,6 +520,7 @@ BOOL File_WriteProcessMemory(
//
if (lpBaseAddress && lpBaseAddress == GetProcAddress(Dll_Ntdll, "NtSetInformationThread"))
//if (RpcRt_TestCallingModule((ULONG_PTR)lpBaseAddress, (ULONG_PTR)Dll_Ntdll))
{
if (lpNumberOfBytesWritten)
{

8
Sandboxie/core/dll/gui.c
View File

@ -1239,11 +1239,13 @@ _FX HWND Gui_CreateWindowExW(
// note: the desktop window was made accessible in early v4 builds
// but this code is still here to handle any other parent windows
//
if (Dll_ChromeSandbox) {
// note: this code breaks chrome hw acceleration, so its no longer used
//
/*if (Dll_ChromeSandbox) {
dwStyle |= WS_CHILD;
hWndParent = HWND_MESSAGE;
}
}*/
//
// replace title on windows that have no parent

5
Sandboxie/core/dll/guititle.c
View File

@ -69,7 +69,7 @@ _FX BOOLEAN Gui_InitTitle(void)
//
SbieApi_QueryConfAsIs(NULL, L"BoxNameTitle", 0, buf, sizeof(buf));
if (*buf == L'y' || *buf == L'Y') {
if (*buf == L'y' || *buf == L'Y') { // indicator + box name
UNICODE_STRING uni;
@ -84,8 +84,9 @@ _FX BOOLEAN Gui_InitTitle(void)
RtlInitUnicodeString(&uni, Gui_BoxNameTitleW);
RtlUnicodeStringToAnsiString(&Gui_BoxNameTitleA, &uni, TRUE);
} else if (*buf == L'-')
} else if (*buf == L'-') // don't alter boxed window titles at all
Gui_DisableTitle = TRUE;
// else if(*buf == L'n' || *buf == L'N') means show indicator but not box name
Gui_TitleSuffixW_len = wcslen(Gui_TitleSuffixW);
Gui_TitleSuffixA_len = strlen(Gui_TitleSuffixA);

94
Sandboxie/core/dll/proc.c
View File

@ -356,6 +356,35 @@ _FX BOOLEAN Proc_Init(void)
SBIEDLL_HOOK(Proc_,RtlCreateProcessParametersEx);
}
//
// UpdateProcThreadAttribute
//
// fix for chrome 86+
if (Dll_OsBuild >= 7600) {
void* UpdateProcThreadAttribute = NULL;
RtlInitString(&ansi, "UpdateProcThreadAttribute");
status = LdrGetProcedureAddress(
Dll_KernelBase, &ansi, 0, (void **)&UpdateProcThreadAttribute);
if (NT_SUCCESS(status))
SBIEDLL_HOOK(Proc_, UpdateProcThreadAttribute);
}
//
// SetProcessMitigationPolicy
//
// fox for SBIE2303 Could not hook ... (33, 1655) due to mitigation policies
if (Dll_OsBuild >= 8400) // win8
{
void* SetProcessMitigationPolicy = NULL;
RtlInitString(&ansi, "SetProcessMitigationPolicy");
status = LdrGetProcedureAddress(
Dll_KernelBase, &ansi, 0, (void**)&SetProcessMitigationPolicy);
if (NT_SUCCESS(status))
SBIEDLL_HOOK(Proc_, SetProcessMitigationPolicy);
}
//
// CreateProcessInternal
//
@ -373,27 +402,6 @@ _FX BOOLEAN Proc_Init(void)
Dll_Kernel32, &ansi, 0, (void **)&CreateProcessInternalW);
}
// fix for chrome 86+
if (Dll_OsBuild >= 7600) {
void* UpdateProcThreadAttribute = NULL;
RtlInitString(&ansi, "UpdateProcThreadAttribute");
status = LdrGetProcedureAddress(
Dll_KernelBase, &ansi, 0, (void **)&UpdateProcThreadAttribute);
if (NT_SUCCESS(status))
SBIEDLL_HOOK(Proc_, UpdateProcThreadAttribute);
}
// fox for SBIE2303 Could not hook ... (33, 1655) due to mitigation policies
if (Dll_OsBuild >= 8400) // win8
{
void* SetProcessMitigationPolicy = NULL;
RtlInitString(&ansi, "SetProcessMitigationPolicy");
status = LdrGetProcedureAddress(
Dll_KernelBase, &ansi, 0, (void**)&SetProcessMitigationPolicy);
if (NT_SUCCESS(status))
SBIEDLL_HOOK(Proc_, SetProcessMitigationPolicy);
}
if(Dll_OsBuild < 17677) {
SBIEDLL_HOOK(Proc_,CreateProcessInternalW);
@ -1104,6 +1112,7 @@ _FX BOOL Proc_CreateProcessInternalW_RS5(
ULONG err;
BOOL ok;
BOOL resume_thread = FALSE;
WCHAR* lpAlteredCommandLine = NULL;
Proc_LastCreatedProcessHandle = NULL;
@ -1118,6 +1127,31 @@ _FX BOOL Proc_CreateProcessInternalW_RS5(
return ok;
}
//
// Electron based applications which work like chrome seam to fail with HW acceleration even when
// thay get the same treatment as chrome and chromium derivatives.
// hack: by adding a parameter to the gpu renderer process we can fix the issue.
//
if (Dll_ImageType == DLL_IMAGE_UNSPECIFIED)
{
if(lpApplicationName && lpCommandLine)
{
WCHAR* backslash = wcsrchr(lpApplicationName, L'\\');
if ((backslash && _wcsicmp(backslash + 1, Dll_ImageName) == 0)
&& wcsstr(lpCommandLine, L" --type=gpu-process")
&& !wcsstr(lpCommandLine, L" --use-gl=swiftshader-webgl")) {
lpAlteredCommandLine = Dll_Alloc((wcslen(lpCommandLine) + 32 + 1) * sizeof(WCHAR));
wcscpy(lpAlteredCommandLine, lpCommandLine);
wcscat(lpAlteredCommandLine, L" --use-gl=swiftshader-webgl");
lpCommandLine = lpAlteredCommandLine;
}
}
}
//
// hack: recent versions of Flash Player use the Chrome sandbox
// architecture which conflicts with our restricted process model
@ -1196,8 +1230,6 @@ _FX BOOL Proc_CreateProcessInternalW_RS5(
if (lpCommandLine) {
wcscat(buf, lpCommandLine);
}
else
TlsData->proc_command_line = NULL;
TlsData->proc_command_line = buf;
@ -1391,6 +1423,9 @@ finish:
if (lpCurrentDirectory && lpCurrentDirectory != SaveCurrentDirectory)
Dll_Free(lpCurrentDirectory);
if(lpAlteredCommandLine)
Dll_Free(lpAlteredCommandLine);
if (TlsData->proc_image_path) {
Dll_Free(TlsData->proc_image_path);
TlsData->proc_image_path = NULL;
@ -1424,7 +1459,7 @@ _FX BOOL Proc_AlternateCreateProcess(
BOOL *ReturnValue)
{
if (SbieApi_QueryConfBool(NULL, L"BlockSoftwareUpdaters", TRUE))
if (Proc_IsSoftwareUpdateW(lpApplicationName)) {
if (Proc_IsSoftwareUpdateW(lpApplicationName ? lpApplicationName : lpCommandLine)) {
SetLastError(ERROR_ACCESS_DENIED);
*ReturnValue = FALSE;
@ -2324,6 +2359,15 @@ _FX BOOLEAN Proc_IsSoftwareUpdateW(const WCHAR *path)
MatchDir = L"\\google\\update\\";
SoftName = L"Google Chrome";
} else if (Dll_ImageType == DLL_IMAGE_SANDBOXIE_DCOMLAUNCH) {
if (! Proc_IsProcessRunning(L"msedge.exe"))
return FALSE;
MatchExe = L"microsoftedgeupdatebroker.exe";
MatchDir = L"\\microsoft\\edgeupdate";
SoftName = L"Microsoft Edge";
} else
return FALSE;
@ -2334,7 +2378,7 @@ _FX BOOLEAN Proc_IsSoftwareUpdateW(const WCHAR *path)
IsUpdate = FALSE;
backslash = wcsrchr(path, L'\\');
if (backslash && _wcsicmp(backslash + 1, MatchExe) == 0) {
if (backslash && _wcsnicmp(backslash + 1, MatchExe, wcslen(MatchExe)) == 0) {
ULONG len = wcslen(path) + 1;
WCHAR *path2 = Dll_AllocTemp(len * sizeof(WCHAR));

8
Sandboxie/core/dll/sxs.c
View File

@ -1981,8 +1981,8 @@ _FX BOOLEAN Sxs_KeyCallback(const WCHAR *path, HANDLE *out_handle)
// a pre-set value for PreferExternalManifest
//
if (!SbieApi_QueryConfBool(NULL, L"PreferExternalManifest", FALSE))
return FALSE;
if (!Config_GetSettingsForImageName_bool(L"PreferExternalManifest", FALSE))
return FALSE;
THREAD_DATA *TlsData = Dll_GetTlsData(NULL);
@ -2078,8 +2078,8 @@ _FX BOOLEAN Sxs_FileCallback(const WCHAR *path, HANDLE *out_handle)
// our installation home directory
//
if (!SbieApi_QueryConfBool(NULL, L"PreferExternalManifest", FALSE))
return FALSE;
if (!Config_GetSettingsForImageName_bool(L"PreferExternalManifest", FALSE))
return FALSE;
THREAD_DATA *TlsData = Dll_GetTlsData(NULL);

13
Sandboxie/core/svc/GuiServer.cpp
View File

@ -2429,13 +2429,21 @@ ULONG GuiServer::GetClipboardDataSlave(SlaveArgs *args)
GUI_GET_CLIPBOARD_DATA_RPL *rpl =
(GUI_GET_CLIPBOARD_DATA_RPL *)args->rpl_buf;
//todo: fail if the calling process should not have clipboard access
if (args->req_len != sizeof(GUI_GET_CLIPBOARD_DATA_REQ))
return STATUS_INFO_LENGTH_MISMATCH;
rpl->result = 0;
// fail if the calling process should not have clipboard access
WCHAR boxname[48] = { 0 };
WCHAR exename[128] = { 0 };
SbieApi_QueryProcess((HANDLE)args->pid, boxname, exename, NULL, NULL);
if (!SbieApi_QueryConfBool(boxname, L"OpenClipboard", TRUE))
{
rpl->error = ERROR_ACCESS_DENIED;
goto finish;
}
EnterCriticalSection(&m_SlavesLock);
if (! OpenClipboard(NULL))
@ -2495,6 +2503,7 @@ ULONG GuiServer::GetClipboardDataSlave(SlaveArgs *args)
LeaveCriticalSection(&m_SlavesLock);
finish:
args->rpl_len = sizeof(GUI_GET_CLIPBOARD_DATA_RPL);
return STATUS_SUCCESS;
}

18
Sandboxie/install/Templates.ini
View File

@ -2856,7 +2856,7 @@ OpenIpcPath=*\BaseNamedObjects*\{034DBD6D-6784-4CB3-97D8-749947D01F72}
[Template_ScreenReader]
Tmpl.Title=#4305,JAWS, NVDA, Window-Eyes, System Access
Tmpl.Class=Misc
Tmpl.Scan=i
# Tmpl.Scan=i
Tmpl.Hide=y
OpenIpcPath=\RPC Control\epmapper
OpenIpcPath=\RPC Control\OLE*
@ -3166,19 +3166,3 @@ Tmpl.Entry=StrokeIt | StrokeIt
[Template_FireFix_for_Win7]
[Template_FileCppy]
Tmpl.Title=#4295
Tmpl.Class=Misc
DontCopy=*.url
CopyEmpty=*\microsoft\windows\explorer\thumbcache_*
CopyEmpty=*\microsoft\windows\explorer\iconcache_*
# firefox
CopyAlways=*\places.sqlite
CopyAlways=*\xul.mfl
# windows installer etc
CopyAlways=*\qmgr0.dat
CopyAlways=*\qmgr1.dat
CopyAlways=*\infcache.1
CopyAlways=*\cbs.log
# internet explorer 10 web cache
CopyAlways=*\webcachev*.dat

176
SandboxiePlus/MiscHelpers/Common/CollapsibleGroupBox.cpp Normal file
View File

@ -0,0 +1,176 @@
#include "stdafx.h"
#include "collapsiblegroupbox.h"
#include <QApplication>
#include <QGuiApplication>
#include <QLayout>
#include <QResizeEvent>
#include <QScreen>
#include <QStyle>
#include <QTimer>
#include <QWindow>
#include <cassert>
#include <cmath>
inline
QWindow *findWindowForWidget(const QWidget *widget)
{
for (;;) {
QWindow *wh = widget->window()->windowHandle();
if (wh != nullptr)
return wh;
widget = qobject_cast<const QWidget *>(widget->parent());
if (widget == nullptr)
return nullptr;
}
}
inline
QScreen * findScreenForWidget(const QWidget *widget)
{
for (;;) {
QWindow *wh = widget->window()->windowHandle();
if (wh != nullptr) {
QScreen *scr = wh->screen();
if (scr != nullptr)
return scr;
}
widget = qobject_cast<const QWidget *>(widget->parent());
if (widget == nullptr)
return nullptr;
}
}
CCollapsibleGroupBox::CCollapsibleGroupBox(QWidget *parent) :
QGroupBox(parent)
{
m_clExpButton = new QToolButton(this);
m_clExpButton->setCheckable(true);
connect(m_clExpButton, &QToolButton::clicked, this, &CCollapsibleGroupBox::onVisibilityChanged);
QTimer::singleShot(0, this, [this] {
auto wh = findWindowForWidget(this);
if (wh != nullptr)
connect(wh, &QWindow::screenChanged, this, &CCollapsibleGroupBox::onScreenChanged);
});
QTimer::singleShot(0, this, &CCollapsibleGroupBox::resizeCollapseButton);
}
void CCollapsibleGroupBox::collapseLayout(QLayout *lay)
{
assert(!m_layoutMargins.contains(lay));
const int cnt = lay->count();
for (int idx = 0; idx < cnt; idx++) {
auto lit = lay->itemAt(idx);
if (lit->widget()) {
auto w = lit->widget();
if (w != m_clExpButton)
w->setVisible(false);
}
else if (lit->spacerItem())
collapseSpacer(lit->spacerItem());
else if (lit->layout())
collapseLayout(lit->layout());
}
m_layoutMargins[lay] = lay->contentsMargins();
lay->setContentsMargins(0, 0, 0, 0);
}
void CCollapsibleGroupBox::collapseSpacer(QSpacerItem *spacer)
{
assert(!m_spacerSizes.contains(spacer));
m_spacerSizes[spacer] = {spacer->sizeHint(), spacer->sizePolicy()};
spacer->changeSize(0, 0);
}
void CCollapsibleGroupBox::expandLayout(QLayout *lay)
{
assert(m_layoutMargins.contains(lay));
const int cnt = lay->count();
for (int idx = 0; idx < cnt; idx++) {
auto lit = lay->itemAt(idx);
if (lit->widget())
lit->widget()->setVisible(true);
else if (lit->spacerItem())
expandSpacer(lit->spacerItem());
else if (lit->layout())
expandLayout(lit->layout());
}
lay->setContentsMargins(m_layoutMargins[lay]);
}
void CCollapsibleGroupBox::expandSpacer(QSpacerItem *spacer)
{
assert(m_spacerSizes.contains(spacer));
const auto &sz = m_spacerSizes[spacer].first;
const auto &pol = m_spacerSizes[spacer].second;
spacer->changeSize(sz.width(), sz.height(), pol.horizontalPolicy(), pol.verticalPolicy());
}
void CCollapsibleGroupBox::onScreenChanged()
{
resizeCollapseButton();
}
void CCollapsibleGroupBox::onVisibilityChanged()
{
assert(this->layout() != nullptr);
if(m_clExpButton->isChecked())
{
m_layoutMargins.clear();
m_spacerSizes.clear();
collapseLayout(this->layout());
}
else
{
expandLayout(this->layout());
}
}
void CCollapsibleGroupBox::resizeCollapseButton()
{
const QScreen *scr = findScreenForWidget(this);
if (scr == nullptr)
return;
const auto &size = this->size();
#ifdef Q_OS_WIN
qreal baseSize = 15.0;
int yOffset = 5;
#else
qreal baseSize = 22.0;
int yOffset = 0;
#endif
if (scr == nullptr)
return;
if (QString::compare(QApplication::style()->objectName(), "fusion") == 0)
baseSize = 15.0;
const qreal dpi = scr->logicalDotsPerInchX();
const qreal btnSize = floor((baseSize * dpi / 96.0) + 0.5);
m_clExpButton->setGeometry(size.width() - btnSize, yOffset, btnSize, btnSize);
}
void CCollapsibleGroupBox::resizeEvent(QResizeEvent *)
{
resizeCollapseButton();
}

9
SandboxiePlus/MiscHelpers/Common/CollapsibleGroupBox.h
View File

@ -5,15 +5,18 @@
#include <QMap>
#include <QMargins>
#include <QPair>
#include <QToolButton>
class QResizeEvent;
class CollapseExpandButton;
class QSpacerItem;
class CollapsibleGroupBox : public QGroupBox
#include "../mischelpers_global.h"
class MISCHELPERS_EXPORT CCollapsibleGroupBox : public QGroupBox
{
public:
explicit CollapsibleGroupBox(QWidget *parent = nullptr);
explicit CCollapsibleGroupBox(QWidget *parent = nullptr);
protected:
void resizeEvent(QResizeEvent *);
@ -25,7 +28,7 @@ private:
void expandLayout(QLayout *layout);
void expandSpacer(QSpacerItem *spacer);
CollapseExpandButton *m_clExpButton;
QToolButton *m_clExpButton;
QMap<const void *, QMargins> m_layoutMargins;
QMap<const void *, QPair<QSize, QSizePolicy>> m_spacerSizes;

8
SandboxiePlus/MiscHelpers/Common/TabPanel.cpp
View File

@ -36,11 +36,12 @@ void CTabPanel::ShowTab(int Index, bool bShow)
RebuildTabs(ActiveTab, VisibleTabs);
}
void CTabPanel::AddTab(QWidget* pWidget, const QString& Name)
int CTabPanel::AddTab(QWidget* pWidget, const QString& Name)
{
STab Tab{Name, pWidget, true};
m_AllTabs.append(Tab);
m_pTabs->addTab(Tab.pWidget, Tab.Name);
return m_AllTabs.count() - 1;
}
void CTabPanel::SaveTabs(int& ActiveTab, QStringList& VisibleTabs)
@ -64,10 +65,9 @@ void CTabPanel::RebuildTabs(const int ActiveTab, const QStringList& VisibleTabs)
{
STab& Tab = m_AllTabs[i];
if (VisibleTabs.size() <= i || VisibleTabs[i].toInt() != 0)
Tab.bVisible = (VisibleTabs.size() <= i || VisibleTabs[i].toInt() != 0);
if (Tab.bVisible)
{
Tab.bVisible = true;
m_pTabs->addTab(Tab.pWidget, Tab.Name);
if (i == ActiveTab)
m_pTabs->setCurrentWidget(Tab.pWidget);

4
SandboxiePlus/MiscHelpers/Common/TabPanel.h
View File

@ -18,11 +18,11 @@ public:
virtual int GetTabCount() { return m_AllTabs.size(); }
virtual QString GetTabLabel(int Index) { if (Index >= m_AllTabs.size()) return ""; return m_AllTabs[Index].Name; }
virtual void ShowTab(int Index, bool bShow);
virtual bool IsTabVisible(int Index) { if (Index >= m_AllTabs.size()) return ""; return m_AllTabs[Index].bVisible; }
virtual bool IsTabVisible(int Index) { if (Index >= m_AllTabs.size()) return false; return m_AllTabs[Index].bVisible; }
protected:
virtual void InitializeTabs() = 0;
virtual void AddTab(QWidget* pWidget, const QString& Name);
virtual int AddTab(QWidget* pWidget, const QString& Name);
virtual void RebuildTabs(const int ActiveTab, const QStringList& VisibleTabs);
virtual void SaveTabs(int& ActiveTab, QStringList& VisibleTabs);

23
SandboxiePlus/QSbieAPI/Sandboxie/SandBox.cpp
View File

@ -43,9 +43,8 @@ CSandBox::CSandBox(const QString& BoxName, class CSbieAPI* pAPI) : CSbieIni(BoxN
// when loading a sandbox that is not initialized, initialize it
int cfglvl = GetNum("ConfigLevel");
if (cfglvl >= 8)
if (cfglvl >= 9)
return;
SetNum("ConfigLevel", 8);
if (cfglvl == 0)
{
@ -84,7 +83,27 @@ CSandBox::CSandBox(const QString& BoxName, class CSbieAPI* pAPI) : CSbieIni(BoxN
InsertText("Template", "FileCopy");
InsertText("Template", "SkipHook");
}
if (cfglvl < 9)
{
// fix the unfortunate typo
if (GetTextList("Template", false).contains("FileCppy"))
{
InsertText("Template", "FileCopy");
DelValue("Template", "FileCppy");
}
DelValue("Template", "WindowsFontCache");
// templates L9
if (GetBool("DropAdminRights", false) == false)
{
// enable those templates only for non hardened boxes
InsertText("Template", "OpenBluetooth");
}
}
SetNum("ConfigLevel", 9);
}
CSandBox::~CSandBox()

1
SandboxiePlus/QSbieAPI/SbieUtils.cpp
View File

@ -88,6 +88,7 @@ SB_STATUS CSbieUtils::Stop(EComponent Component)
void CSbieUtils::Stop(EComponent Component, QStringList& Ops)
{
Ops.append(QString::fromWCharArray(L"kmdutil.exe|scandll"));
if ((Component & eService) != 0 && GetServiceStatus(SBIESVC) != SERVICE_STOPPED)
Ops.append(QString::fromWCharArray(L"kmdutil.exe|stop|" SBIESVC));
if ((Component & eDriver) != 0 && GetServiceStatus(SBIEDRV) != SERVICE_STOPPED)

123
SandboxiePlus/SandMan/Forms/OptionsWindow.ui
View File

@ -6,7 +6,7 @@
<rect>
<x>0</x>
<y>0</y>
<width>657</width>
<width>660</width>
<height>449</height>
</rect>
</property>
@ -45,7 +45,7 @@
<enum>QTabWidget::West</enum>
</property>
<property name="currentIndex">
<number>9</number>
<number>0</number>
</property>
<widget class="QWidget" name="tabGeneral">
<attribute name="title">
@ -433,42 +433,6 @@
<layout class="QGridLayout" name="gridLayout_37">
<item row="0" column="0">
<layout class="QGridLayout" name="gridLayout_36">
<item row="2" column="2">
<widget class="QCheckBox" name="chkOpenSpooler">
<property name="text">
<string>Remove spooler restriction, printers can be installed outside the sandbox</string>
</property>
</widget>
</item>
<item row="7" column="0">
<spacer name="verticalSpacer_12">
<property name="orientation">
<enum>Qt::Vertical</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>20</width>
<height>40</height>
</size>
</property>
</spacer>
</item>
<item row="0" column="0">
<widget class="QLabel" name="label_31">
<property name="font">
<font>
<weight>75</weight>
<bold>true</bold>
</font>
</property>
<property name="toolTip">
<string>Protect the system from sandboxed processes</string>
</property>
<property name="text">
<string>Printing restrictions</string>
</property>
</widget>
</item>
<item row="6" column="2">
<widget class="QCheckBox" name="chkOpenCredentials">
<property name="text">
@ -476,13 +440,6 @@
</property>
</widget>
</item>
<item row="5" column="1" colspan="2">
<widget class="QCheckBox" name="chkOpenProtectedStorage">
<property name="text">
<string>Open System Protected Storage</string>
</property>
</widget>
</item>
<item row="3" column="2">
<widget class="QCheckBox" name="chkPrintToFile">
<property name="sizePolicy">
@ -496,6 +453,26 @@
</property>
</widget>
</item>
<item row="2" column="2">
<widget class="QCheckBox" name="chkOpenSpooler">
<property name="text">
<string>Remove spooler restriction, printers can be installed outside the sandbox</string>
</property>
</widget>
</item>
<item row="8" column="0">
<spacer name="verticalSpacer_12">
<property name="orientation">
<enum>Qt::Vertical</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>20</width>
<height>40</height>
</size>
</property>
</spacer>
</item>
<item row="1" column="1" colspan="2">
<widget class="QCheckBox" name="chkBlockSpooler">
<property name="text">
@ -503,18 +480,12 @@
</property>
</widget>
</item>
<item row="7" column="2">
<spacer name="horizontalSpacer_5">
<property name="orientation">
<enum>Qt::Horizontal</enum>
<item row="5" column="1" colspan="2">
<widget class="QCheckBox" name="chkOpenProtectedStorage">
<property name="text">
<string>Open System Protected Storage</string>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>40</width>
<height>20</height>
</size>
</property>
</spacer>
</widget>
</item>
<item row="0" column="1">
<widget class="QLabel" name="label_39">
@ -535,6 +506,35 @@
</property>
</widget>
</item>
<item row="0" column="0">
<widget class="QLabel" name="label_31">
<property name="font">
<font>
<weight>75</weight>
<bold>true</bold>
</font>
</property>
<property name="toolTip">
<string>Protect the system from sandboxed processes</string>
</property>
<property name="text">
<string>Printing restrictions</string>
</property>
</widget>
</item>
<item row="8" column="2">
<spacer name="horizontalSpacer_5">
<property name="orientation">
<enum>Qt::Horizontal</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>40</width>
<height>20</height>
</size>
</property>
</spacer>
</item>
<item row="4" column="0" colspan="2">
<widget class="QLabel" name="label_18">
<property name="font">
@ -551,6 +551,13 @@
</property>
</widget>
</item>
<item row="7" column="1" colspan="2">
<widget class="QCheckBox" name="chkCloseClipBoard">
<property name="text">
<string>Block read access to the clipboard</string>
</property>
</widget>
</item>
</layout>
</item>
</layout>
@ -2076,8 +2083,8 @@ instead of &quot;*&quot;.</string>
<rect>
<x>0</x>
<y>0</y>
<width>63</width>
<height>16</height>
<width>98</width>
<height>28</height>
</rect>
</property>
<layout class="QGridLayout" name="dbgLayout">

11
SandboxiePlus/SandMan/SandMan.cpp
View File

@ -555,8 +555,15 @@ void CSandMan::dragEnterEvent(QDragEnterEvent* e)
void CSandMan::dropEvent(QDropEvent* e)
{
QStringList Boxes;
foreach(const CSandBoxPtr &pBox, theAPI->GetAllBoxes())
{
if (pBox->IsEnabled())
Boxes.append(pBox->GetName().replace("_", " "));
}
bool ok;
QString box = QInputDialog::getItem(this, "Sandboxie-Plus", tr("Select box:"), theAPI->GetAllBoxes().keys(), 0, false, &ok);
QString box = QInputDialog::getItem(this, "Sandboxie-Plus", tr("Select box:"), Boxes, 0, false, &ok);
if (!ok || box.isEmpty())
return;
@ -565,7 +572,7 @@ void CSandMan::dropEvent(QDropEvent* e)
continue;
QString FileName = url.toLocalFile().replace("/", "\\");
theAPI->RunStart(box, FileName);
theAPI->RunStart(box.replace(" ", "_"), FileName);
}
}

9
SandboxiePlus/SandMan/Windows/NewBoxWindow.cpp
View File

@ -40,6 +40,8 @@ CNewBoxWindow::CNewBoxWindow(QWidget *parent)
ui.cmbTemplates->addItem(tr("Default"));
ui.cmbTemplates->setCurrentIndex(eDefault);
ui.cmbTemplates->addItem(tr("Legacy Sandboxie Behaviour"));
// leniant
// open
foreach(const CSandBoxPtr& pBox, Boxes)
ui.cmbBoxes->addItem(pBox->GetName());
@ -97,14 +99,17 @@ void CNewBoxWindow::CreateBox()
{
case eHardened:
pBox.objectCast<CSandBoxPlus>()->SetBool("DropAdminRights", true);
//pBox.objectCast<CSandBoxPlus>()->SetBool("FakeAdminRights", true); // Note: making the app think its dmin has no security downsides,but can help with ompatybility
pBox.objectCast<CSandBoxPlus>()->SetBool("ClosePrintSpooler", true);
//pBox.objectCast<CSandBoxPlus>()->SetBool("OpenSmartCard", false);
break;
case eLegacy:
pBox.objectCast<CSandBoxPlus>()->SetBool("UnrestrictedSCM", true);
pBox.objectCast<CSandBoxPlus>()->SetBool("ExposeBoxedSystem", true);
//pBox.objectCast<CSandBoxPlus>()->SetBool("ExposeBoxedSystem", true);
//pBox.objectCast<CSandBoxPlus>()->SetBool("RunServicesAsSystem", true); // legacy behavioure but there should be no normal use cases which require this
pBox.objectCast<CSandBoxPlus>()->SetBool("OpenPrintSpooler", true);
pBox.objectCast<CSandBoxPlus>()->InsertText("Template", "OpenSmartCard");
default:
pBox.objectCast<CSandBoxPlus>()->InsertText("Template", "OpenBluetooth"); // most unity games needs that an most modern gmes are unitybased
break;
}
}

52
SandboxiePlus/SandMan/Windows/OptionsWindow.cpp
View File

@ -134,7 +134,7 @@ COptionsWindow::COptionsWindow(const QSharedPointer<CSbieIni>& pBox, const QStri
ui.tabs->setTabIcon(9, CSandMan::GetIcon("Template"));
ui.tabs->setTabIcon(10, CSandMan::GetIcon("EditIni"));
ui.tabs->setCurrentIndex(0);
ui.tabs->setCurrentIndex(m_Template ? 10 : 0);
//connect(ui.chkWithTemplates, SIGNAL(clicked(bool)), this, SLOT(OnWithTemplates()));
@ -165,6 +165,7 @@ COptionsWindow::COptionsWindow(const QSharedPointer<CSbieIni>& pBox, const QStri
connect(ui.chkOpenCredentials, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
connect(ui.chkOpenProtectedStorage, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
connect(ui.chkCloseClipBoard, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
//connect(ui.chkOpenSmartCard, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
//connect(ui.chkOpenBluetooth, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
@ -453,6 +454,7 @@ void COptionsWindow::LoadConfig()
ui.chkOpenProtectedStorage->setChecked(m_pBox->GetBool("OpenProtectedStorage", false));
ui.chkOpenCredentials->setEnabled(!ui.chkOpenProtectedStorage->isChecked());
ui.chkOpenCredentials->setChecked(!ui.chkOpenCredentials->isEnabled() || m_pBox->GetBool("OpenCredentials", false));
ui.chkCloseClipBoard->setChecked(!m_pBox->GetBool("OpenClipboard", true));
//ui.chkOpenSmartCard->setChecked(m_pBox->GetBool("OpenSmartCard", true));
//ui.chkOpenBluetooth->setChecked(m_pBox->GetBool("OpenBluetooth", false));
@ -619,18 +621,19 @@ void COptionsWindow::SaveConfig()
BorderCfg.append(QString::number(ui.spinBorderWidth->value()));
m_pBox->SetText("BorderColor", BorderCfg.join(","));
m_pBox->SetBool("BlockNetworkFiles", ui.chkBlockNetShare->isChecked());
m_pBox->SetBool("BlockNetParam", ui.chkBlockNetParam->isChecked());
m_pBox->SetBool("DropAdminRights", ui.chkDropRights->isChecked());
m_pBox->SetBool("FakeAdminRights", ui.chkFakeElevation->isChecked());
m_pBox->SetBool("ClosePrintSpooler", ui.chkBlockSpooler->isChecked());
m_pBox->SetBool("OpenPrintSpooler", ui.chkOpenSpooler->isChecked());
m_pBox->SetBool("AllowSpoolerPrintToFile", ui.chkPrintToFile->isChecked());
WriteAdvancedCheck(ui.chkBlockNetShare, "BlockNetworkFiles", "", "n");
WriteAdvancedCheck(ui.chkBlockNetParam, "BlockNetParam", "", "n");
WriteAdvancedCheck(ui.chkDropRights, "DropAdminRights", "y", "");
WriteAdvancedCheck(ui.chkFakeElevation, "FakeAdminRights", "y", "");
WriteAdvancedCheck(ui.chkBlockSpooler, "ClosePrintSpooler", "y", "");
WriteAdvancedCheck(ui.chkOpenSpooler, "OpenPrintSpooler", "y", "");
WriteAdvancedCheck(ui.chkPrintToFile, "AllowSpoolerPrintToFile", "y", "");
WriteAdvancedCheck(ui.chkOpenProtectedStorage, "OpenProtectedStorage", "y", "");
if (ui.chkOpenCredentials->isEnabled())
WriteAdvancedCheck(ui.chkOpenCredentials, "OpenCredentials", "y", "");
WriteAdvancedCheck(ui.chkCloseClipBoard, "OpenClipboard", "n", "");
//WriteAdvancedCheck(ui.chkOpenSmartCard, "OpenSmartCard", "", "n");
//WriteAdvancedCheck(ui.chkOpenBluetooth, "OpenBluetooth", "y", "");
@ -656,15 +659,14 @@ void COptionsWindow::SaveConfig()
m_pBox->SetNum("CopyLimitKb", ui.chkCopyLimit->isChecked() ? ui.txtCopyLimit->text().toInt() : -1);
m_pBox->SetBool("PromptForFileMigration", ui.chkCopyPrompt->isChecked());
m_pBox->SetBool("CopyLimitSilent", !ui.chkNoCopyWarn->isChecked());
WriteAdvancedCheck(ui.chkCopyPrompt, "PromptForFileMigration", "", "n");
WriteAdvancedCheck(ui.chkNoCopyWarn, "CopyLimitSilent", "", "y");
m_pBox->SetBool("NeverDelete", ui.chkProtectBox->isChecked());
m_pBox->SetBool("AutoDelete", ui.chkAutoEmpty->isChecked());
m_pBox->SetBool("AllowRawDiskRead", ui.chkRawDiskRead->isChecked());
m_pBox->SetBool("NotifyDirectDiskAccess", ui.chkRawDiskNotify->isChecked());
WriteAdvancedCheck(ui.chkProtectBox, "NeverDelete", "y", "");
WriteAdvancedCheck(ui.chkAutoEmpty, "AutoDelete", "y", "");
WriteAdvancedCheck(ui.chkRawDiskRead, "AllowRawDiskRead", "y", "");
WriteAdvancedCheck(ui.chkRawDiskNotify, "NotifyDirectDiskAccess", "y", "");
m_GeneralChanged = false;
}
@ -680,15 +682,15 @@ void COptionsWindow::SaveConfig()
if (m_StartChanged)
{
m_pBox->SetBool("NotifyStartRunAccessDenied", ui.chkStartBlockMsg->isChecked());
WriteAdvancedCheck(ui.chkStartBlockMsg, "NotifyStartRunAccessDenied", "", "n");
m_StartChanged = false;
}
if (m_INetBlockChanged)
{
m_pBox->SetBool("PromptForInternetAccess", ui.chkINetBlockPrompt->isChecked());
m_pBox->SetBool("NotifyInternetAccessDenied", ui.chkINetBlockMsg->isChecked());
WriteAdvancedCheck(ui.chkINetBlockPrompt, "PromptForInternetAccess", "y", "");
WriteAdvancedCheck(ui.chkINetBlockMsg, "NotifyInternetAccessDenied", "", "n");
m_INetBlockChanged = false;
}
@ -701,15 +703,15 @@ void COptionsWindow::SaveConfig()
if (m_AdvancedChanged)
{
WriteAdvancedCheck(ui.chkPreferExternalManifest, "PreferExternalManifest", "", "y");
WriteAdvancedCheck(ui.chkUseSbieWndStation, "UseSbieWndStation", "", "y");
WriteAdvancedCheck(ui.chkPreferExternalManifest, "PreferExternalManifest", "y", "");
WriteAdvancedCheck(ui.chkUseSbieWndStation, "UseSbieWndStation", "y", "");
WriteAdvancedCheck(ui.chkProtectSCM, "UnrestrictedSCM", "", "y");
WriteAdvancedCheck(ui.chkRestrictServices, "RunServicesAsSystem", "", "y");
WriteAdvancedCheck(ui.chkProtectSystem, "ExposeBoxedSystem", "", "y");
WriteAdvancedCheck(ui.chkOpenDevCMApi, "OpenDevCMApi", "n", "");
WriteAdvancedCheck(ui.chkOpenLsaSSPI, "BlockPassword", "", "n"); // OpenLsaSSPI
WriteAdvancedCheck(ui.chkOpenLsaSSPI, "BlockPassword", "n", ""); // OpenLsaSSPI
WriteAdvancedCheck(ui.chkOpenSamEndpoint, "OpenSamEndpoint", "n", "");
WriteAdvancedCheck(ui.chkOpenLsaEndpoint, "OpenLsaEndpoint", "n", "");
@ -1923,7 +1925,7 @@ void COptionsWindow::SaveRecoveryList()
m_pBox->UpdateTextList("RecoverFolder", RecoverFolder, m_Template);
m_pBox->UpdateTextList("AutoRecoverIgnore", AutoRecoverIgnore, m_Template);
m_pBox->SetBool("AutoRecover", ui.chkAutoRecovery->isChecked());
WriteAdvancedCheck(ui.chkAutoRecovery, "AutoRecover", "y", "");
m_RecoveryChanged = false;
}
@ -2134,9 +2136,9 @@ void COptionsWindow::LoadTemplates()
QString Name = *I++;
QString Category = m_pBox->GetAPI()->SbieIniGet(Name, "Tmpl.Class", 0x40000000L); // CONF_GET_NO_GLOBAL);
QString Title = m_pBox->GetAPI()->SbieIniGet(Name, "Tmpl.Title", 0x40000000L); // CONF_GET_NO_GLOBAL);
/*QString Hide = m_pBox->GetAPI()->SbieIniGet(Name, "Tmpl.Hide", 0x40000000L); // CONF_GET_NO_GLOBAL);
QString Hide = m_pBox->GetAPI()->SbieIniGet(Name, "Tmpl.Hide", 0x40000000L); // CONF_GET_NO_GLOBAL);
if (Hide == "y" || Hide == "Y")
continue;*/
continue;
if (Name == "Template_ScreenReader")
continue;

12
SandboxiePlus/SandMan/Windows/SettingsWindow.cpp
View File

@ -357,8 +357,18 @@ void CSettingsWindow::OnTab()
QSharedPointer<CSbieIni> pTemplate = QSharedPointer<CSbieIni>(new CSbieIni("Template_" + I.key(), theAPI));
QString Title = pTemplate->GetText("Tmpl.Title");
if (Title.left(1) == "#")
{
int End = Title.mid(1).indexOf(",");
if (End == -1) End = Title.length() - 1;
int MsgNum = Title.mid(1, End).toInt();
Title = theAPI->GetSbieMsgStr(MsgNum, theGUI->m_LanguageId).arg(Title.mid(End + 2)).arg("");
}
//if (Title.isEmpty()) Title = Name;
QTreeWidgetItem* pItem = new QTreeWidgetItem();
pItem->setText(0, pTemplate->GetText("Tmpl.Title"));
pItem->setText(0, Title);
pItem->setData(0, Qt::UserRole, I.key());
pItem->setCheckState(0, (I.value() & CSbieTemplates::eDisabled) == 0 ? Qt::Checked : Qt::Unchecked);
ui.treeCompat->addTopLevelItem(pItem);

2
SandboxiePlus/version.h
View File

@ -2,7 +2,7 @@
#define VERSION_MJR 0
#define VERSION_MIN 7
#define VERSION_REV 4
#define VERSION_REV 5
#define VERSION_UPD 0
#ifndef STR