Build 0.7.5

DavidXanatos 2021-06-05 10:53:58 +02:00
parent 8554623f27
commit 8c5eb2f01c
27 changed files with 494 additions and 166 deletions


@ -16,10 +16,31 @@ This project adheres to [Semantic Versioning](http://semver.org/).
## [0.7.4 / 5.49.7] - 2021-04-11
## [0.7.5 / 5.49.8] - 2021-06-05
### Added
- added option to disable file migration prompt in the Plus UI by using "PromptForFileMigration=n"
- with "OpenClipboard=n" clipboard access for a sandbox can be now disabled
### Changed
- now by default the OpenBluetooth template is enabled to enable compatybility with unity games
- "PreferExternalManifest=program.exe,y" can now be set on a per process basis
### Fixed
- fixed compiled issues with the most recent vs2019 update
- fixed issue with vivaldi browser
- fixed some issues with box options in the plus ui
- fixed some issues with hw acceleration in chromium based browsers
- the stop all command now issues "kmdutill scandll" first to solve issues when the SbieDll.Dll is in use
- workaround for electorn apps, by forcing a additional commandline argument on the gpu renderer process
## [0.7.4 / 5.49.7] - 2021-04-12
### Added
- added option to disable file migration prompt
- added UI options for various security isolation features
- added missing functionality to set template values in the Plus UI


@ -770,7 +770,7 @@ void CAppPage::Folders_OnInitDialog(CBox &box)
while (! tmpl_names.IsEmpty()) {
CString tmpl_name = tmpl_names.RemoveHead();
CString varname = ini.GetTemplateVariable(tmpl_name);
CString varname = ini.GetTemplateVariable(tmpl_name); // fix-me: there may be more than one folder per template
if (varname.IsEmpty())
continue;
@ -1555,4 +1555,31 @@ void CAppPage::SetDefaultTemplates8(CBox& box)
{
box.EnableTemplate(L"FileCopy", TRUE);
box.EnableTemplate(L"SkipHook", TRUE);
SetDefaultTemplates9(box);
}
//---------------------------------------------------------------------------
// SetDefaultTemplates9
//---------------------------------------------------------------------------
void CAppPage::SetDefaultTemplates9(CBox& box)
{
CSbieIni &ini = CSbieIni::GetInstance();
// fix the unfortunate typo
if (box.IsTemplateEnabled(L"FileCppy")) {
box.EnableTemplate(L"FileCopy", TRUE);
box.EnableTemplate(L"FileCppy", FALSE);
}
box.EnableTemplate(L"WindowsFontCache", FALSE);
BOOL bHardened = FALSE;
ini.GetBool(box.GetName(), L"DropAdminRights", bHardened, FALSE);
if (!bHardened) {
// enable those templates only for non hardened boxes
box.EnableTemplate(L"OpenBluetooth", TRUE);
box.EnableTemplate(L"OpenSmartCard", TRUE);
}
}
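Review bot: SetDefaultTemplates9 turns on both `OpenBluetooth` and `OpenSmartCard` for every box without `DropAdminRights`, whereas the level-9 migration in the `CSandBox` constructor later on this page inserts only `OpenBluetooth`, so an upgraded box gets different device access depending on which UI migrates it. Both paths widen existing boxes automatically on upgrade and treat `DropAdminRights` as the only marker of a hardened box. Aligning the smart-card line across the two and adding a comment such as `// level 9: open Bluetooth for boxes that do not drop admin rights (Unity games)` would make the intent auditable. The result of `ini.GetBool(...)` is not checked; if a failed read leaves `bHardened` at FALSE, the templates are enabled on that path as well.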


@ -127,6 +127,7 @@ public:
static void SetDefaultTemplates6(CBox &box);
static void SetDefaultTemplates7(CBox &box);
static void SetDefaultTemplates8(CBox& box);
static void SetDefaultTemplates9(CBox& box);
};


@ -226,18 +226,23 @@ void CBox::SetDefaultSettings()
int cfglvl;
ini.GetNum(m_name, _ConfigLevel, cfglvl);
if (cfglvl >= 8)
if (cfglvl >= 9)
return;
BOOL ok = TRUE;
if (cfglvl >= 1) {
ok = ini.SetNum(m_name, _ConfigLevel, 8);
ok = ini.SetNum(m_name, _ConfigLevel, 9);
if (ok) {
if (cfglvl == 7) {
if (cfglvl == 8) {
CAppPage::SetDefaultTemplates9(*this);
}
else if (cfglvl == 7) {
CAppPage::SetDefaultTemplates8(*this);
@ -255,7 +260,7 @@ void CBox::SetDefaultSettings()
goto done;
}
ok = ini.SetNum(m_name, _ConfigLevel, 8);
ok = ini.SetNum(m_name, _ConfigLevel, 9);
if (ok)
{


@ -21,8 +21,8 @@
#ifndef _MY_VERSION_H
#define _MY_VERSION_H
#define MY_VERSION_BINARY 5,49,7
#define MY_VERSION_STRING "5.49.7"
#define MY_VERSION_BINARY 5,49,8
#define MY_VERSION_STRING "5.49.8"
#define MY_VERSION_COMPAT "5.49.0" // this refers to the driver ABI compatibility
// These #defines are used by either Resource Compiler, or by NSIC installer


@ -1449,7 +1449,7 @@ _FX BOOLEAN Custom_SYSFER_DLL(HMODULE hmodule)
//---------------------------------------------------------------------------
_FX void Custom_Load_UxTheme(void)
/*_FX void Custom_Load_UxTheme(void)
{
//
// Google Chrome sandbox process is started with limited privileges
@ -1473,4 +1473,4 @@ _FX void Custom_Load_UxTheme(void)
SystemParametersInfo(SPI_GETFONTSMOOTHING, 0, &v, 0);
}
}
}
}*/


@ -733,7 +733,7 @@ BOOLEAN MsCorEE_Init(HMODULE hmodule);
void Custom_ComServer(void);
void Custom_Load_UxTheme(void);
//void Custom_Load_UxTheme(void);
NTSTATUS StopTailCallOptimization(NTSTATUS status);


@ -475,7 +475,9 @@ _FX void Dll_InitExeEntry(void)
// force load of UxTheme in a Google Chrome sandbox process
//
Custom_Load_UxTheme();
// Note: this does not seam to longer be needed for modern chrome builds, also it breaks the vivaldi browser
//Custom_Load_UxTheme();
UserEnv_InitVer(Dll_OsBuild >= 7600 ? Dll_KernelBase : Dll_Kernel32); // in KernelBase since win 7


@ -506,6 +506,7 @@ _FX ULONG File_GetTempPathW(ULONG nBufferLength, WCHAR *lpBuffer)
return rc;
}
//BOOLEAN RpcRt_TestCallingModule(ULONG_PTR pRetAddr, ULONG_PTR hModule);
BOOL File_WriteProcessMemory(
HANDLE hProcess,
@ -519,6 +520,7 @@ BOOL File_WriteProcessMemory(
//
if (lpBaseAddress && lpBaseAddress == GetProcAddress(Dll_Ntdll, "NtSetInformationThread"))
//if (RpcRt_TestCallingModule((ULONG_PTR)lpBaseAddress, (ULONG_PTR)Dll_Ntdll))
{
if (lpNumberOfBytesWritten)
{


@ -1239,11 +1239,13 @@ _FX HWND Gui_CreateWindowExW(
// note: the desktop window was made accessible in early v4 builds
// but this code is still here to handle any other parent windows
//
if (Dll_ChromeSandbox) {
// note: this code breaks chrome hw acceleration, so its no longer used
//
/*if (Dll_ChromeSandbox) {
dwStyle |= WS_CHILD;
hWndParent = HWND_MESSAGE;
}
}*/
//
// replace title on windows that have no parent


@ -69,7 +69,7 @@ _FX BOOLEAN Gui_InitTitle(void)
//
SbieApi_QueryConfAsIs(NULL, L"BoxNameTitle", 0, buf, sizeof(buf));
if (*buf == L'y' || *buf == L'Y') {
if (*buf == L'y' || *buf == L'Y') { // indicator + box name
UNICODE_STRING uni;
@ -84,8 +84,9 @@ _FX BOOLEAN Gui_InitTitle(void)
RtlInitUnicodeString(&uni, Gui_BoxNameTitleW);
RtlUnicodeStringToAnsiString(&Gui_BoxNameTitleA, &uni, TRUE);
} else if (*buf == L'-')
} else if (*buf == L'-') // don't alter boxed window titles at all
Gui_DisableTitle = TRUE;
// else if(*buf == L'n' || *buf == L'N') means show indicator but not box name
Gui_TitleSuffixW_len = wcslen(Gui_TitleSuffixW);
Gui_TitleSuffixA_len = strlen(Gui_TitleSuffixA);


@ -356,6 +356,35 @@ _FX BOOLEAN Proc_Init(void)
SBIEDLL_HOOK(Proc_,RtlCreateProcessParametersEx);
}
//
// UpdateProcThreadAttribute
//
// fix for chrome 86+
if (Dll_OsBuild >= 7600) {
void* UpdateProcThreadAttribute = NULL;
RtlInitString(&ansi, "UpdateProcThreadAttribute");
status = LdrGetProcedureAddress(
Dll_KernelBase, &ansi, 0, (void **)&UpdateProcThreadAttribute);
if (NT_SUCCESS(status))
SBIEDLL_HOOK(Proc_, UpdateProcThreadAttribute);
}
//
// SetProcessMitigationPolicy
//
// fox for SBIE2303 Could not hook ... (33, 1655) due to mitigation policies
if (Dll_OsBuild >= 8400) // win8
{
void* SetProcessMitigationPolicy = NULL;
RtlInitString(&ansi, "SetProcessMitigationPolicy");
status = LdrGetProcedureAddress(
Dll_KernelBase, &ansi, 0, (void**)&SetProcessMitigationPolicy);
if (NT_SUCCESS(status))
SBIEDLL_HOOK(Proc_, SetProcessMitigationPolicy);
}
//
// CreateProcessInternal
//
@ -373,27 +402,6 @@ _FX BOOLEAN Proc_Init(void)
Dll_Kernel32, &ansi, 0, (void **)&CreateProcessInternalW);
}
// fix for chrome 86+
if (Dll_OsBuild >= 7600) {
void* UpdateProcThreadAttribute = NULL;
RtlInitString(&ansi, "UpdateProcThreadAttribute");
status = LdrGetProcedureAddress(
Dll_KernelBase, &ansi, 0, (void **)&UpdateProcThreadAttribute);
if (NT_SUCCESS(status))
SBIEDLL_HOOK(Proc_, UpdateProcThreadAttribute);
}
// fox for SBIE2303 Could not hook ... (33, 1655) due to mitigation policies
if (Dll_OsBuild >= 8400) // win8
{
void* SetProcessMitigationPolicy = NULL;
RtlInitString(&ansi, "SetProcessMitigationPolicy");
status = LdrGetProcedureAddress(
Dll_KernelBase, &ansi, 0, (void**)&SetProcessMitigationPolicy);
if (NT_SUCCESS(status))
SBIEDLL_HOOK(Proc_, SetProcessMitigationPolicy);
}
if(Dll_OsBuild < 17677) {
SBIEDLL_HOOK(Proc_,CreateProcessInternalW);
@ -1104,6 +1112,7 @@ _FX BOOL Proc_CreateProcessInternalW_RS5(
ULONG err;
BOOL ok;
BOOL resume_thread = FALSE;
WCHAR* lpAlteredCommandLine = NULL;
Proc_LastCreatedProcessHandle = NULL;
@ -1118,6 +1127,31 @@ _FX BOOL Proc_CreateProcessInternalW_RS5(
return ok;
}
//
// Electron based applications which work like chrome seam to fail with HW acceleration even when
// thay get the same treatment as chrome and chromium derivatives.
// hack: by adding a parameter to the gpu renderer process we can fix the issue.
//
if (Dll_ImageType == DLL_IMAGE_UNSPECIFIED)
{
if(lpApplicationName && lpCommandLine)
{
WCHAR* backslash = wcsrchr(lpApplicationName, L'\\');
if ((backslash && _wcsicmp(backslash + 1, Dll_ImageName) == 0)
&& wcsstr(lpCommandLine, L" --type=gpu-process")
&& !wcsstr(lpCommandLine, L" --use-gl=swiftshader-webgl")) {
lpAlteredCommandLine = Dll_Alloc((wcslen(lpCommandLine) + 32 + 1) * sizeof(WCHAR));
wcscpy(lpAlteredCommandLine, lpCommandLine);
wcscat(lpAlteredCommandLine, L" --use-gl=swiftshader-webgl");
lpCommandLine = lpAlteredCommandLine;
}
}
}
//
// hack: recent versions of Flash Player use the Chrome sandbox
// architecture which conflicts with our restricted process model
@ -1196,8 +1230,6 @@ _FX BOOL Proc_CreateProcessInternalW_RS5(
if (lpCommandLine) {
wcscat(buf, lpCommandLine);
}
else
TlsData->proc_command_line = NULL;
TlsData->proc_command_line = buf;
@ -1391,6 +1423,9 @@ finish:
if (lpCurrentDirectory && lpCurrentDirectory != SaveCurrentDirectory)
Dll_Free(lpCurrentDirectory);
if(lpAlteredCommandLine)
Dll_Free(lpAlteredCommandLine);
if (TlsData->proc_image_path) {
Dll_Free(TlsData->proc_image_path);
TlsData->proc_image_path = NULL;
@ -1424,7 +1459,7 @@ _FX BOOL Proc_AlternateCreateProcess(
BOOL *ReturnValue)
{
if (SbieApi_QueryConfBool(NULL, L"BlockSoftwareUpdaters", TRUE))
if (Proc_IsSoftwareUpdateW(lpApplicationName)) {
if (Proc_IsSoftwareUpdateW(lpApplicationName ? lpApplicationName : lpCommandLine)) {
SetLastError(ERROR_ACCESS_DENIED);
*ReturnValue = FALSE;
@ -2324,6 +2359,15 @@ _FX BOOLEAN Proc_IsSoftwareUpdateW(const WCHAR *path)
MatchDir = L"\\google\\update\\";
SoftName = L"Google Chrome";
} else if (Dll_ImageType == DLL_IMAGE_SANDBOXIE_DCOMLAUNCH) {
if (! Proc_IsProcessRunning(L"msedge.exe"))
return FALSE;
MatchExe = L"microsoftedgeupdatebroker.exe";
MatchDir = L"\\microsoft\\edgeupdate";
SoftName = L"Microsoft Edge";
} else
return FALSE;
@ -2334,7 +2378,7 @@ _FX BOOLEAN Proc_IsSoftwareUpdateW(const WCHAR *path)
IsUpdate = FALSE;
backslash = wcsrchr(path, L'\\');
if (backslash && _wcsicmp(backslash + 1, MatchExe) == 0) {
if (backslash && _wcsnicmp(backslash + 1, MatchExe, wcslen(MatchExe)) == 0) {
ULONG len = wcslen(path) + 1;
WCHAR *path2 = Dll_AllocTemp(len * sizeof(WCHAR));
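Review bot: In Proc_AlternateCreateProcess the new fallback hands `lpCommandLine` to Proc_IsSoftwareUpdateW when `lpApplicationName` is NULL, but that function still treats the text after the last backslash (`wcsrchr(path, L'\\')`) as the executable name. A command line carries arguments, so a backslash inside any argument moves the comparison point past the image name and the `BlockSoftwareUpdaters` match silently fails. The new `_wcsnicmp` prefix compare only tolerates trailing text directly after the exe name. Isolating the first (possibly quoted) token of the command line before the call would keep the check on the image path. If both pointers are NULL the call receives NULL, and whether Proc_IsSoftwareUpdateW guards against that is not visible in these hunks.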


@ -1981,8 +1981,8 @@ _FX BOOLEAN Sxs_KeyCallback(const WCHAR *path, HANDLE *out_handle)
// a pre-set value for PreferExternalManifest
//
if (!SbieApi_QueryConfBool(NULL, L"PreferExternalManifest", FALSE))
return FALSE;
if (!Config_GetSettingsForImageName_bool(L"PreferExternalManifest", FALSE))
return FALSE;
THREAD_DATA *TlsData = Dll_GetTlsData(NULL);
@ -2078,8 +2078,8 @@ _FX BOOLEAN Sxs_FileCallback(const WCHAR *path, HANDLE *out_handle)
// our installation home directory
//
if (!SbieApi_QueryConfBool(NULL, L"PreferExternalManifest", FALSE))
return FALSE;
if (!Config_GetSettingsForImageName_bool(L"PreferExternalManifest", FALSE))
return FALSE;
THREAD_DATA *TlsData = Dll_GetTlsData(NULL);


@ -2429,13 +2429,21 @@ ULONG GuiServer::GetClipboardDataSlave(SlaveArgs *args)
GUI_GET_CLIPBOARD_DATA_RPL *rpl =
(GUI_GET_CLIPBOARD_DATA_RPL *)args->rpl_buf;
//todo: fail if the calling process should not have clipboard access
if (args->req_len != sizeof(GUI_GET_CLIPBOARD_DATA_REQ))
return STATUS_INFO_LENGTH_MISMATCH;
rpl->result = 0;
// fail if the calling process should not have clipboard access
WCHAR boxname[48] = { 0 };
WCHAR exename[128] = { 0 };
SbieApi_QueryProcess((HANDLE)args->pid, boxname, exename, NULL, NULL);
if (!SbieApi_QueryConfBool(boxname, L"OpenClipboard", TRUE))
{
rpl->error = ERROR_ACCESS_DENIED;
goto finish;
}
EnterCriticalSection(&m_SlavesLock);
if (! OpenClipboard(NULL))
@ -2495,6 +2503,7 @@ ULONG GuiServer::GetClipboardDataSlave(SlaveArgs *args)
LeaveCriticalSection(&m_SlavesLock);
finish:
args->rpl_len = sizeof(GUI_GET_CLIPBOARD_DATA_RPL);
return STATUS_SUCCESS;
}
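Review bot: The new clipboard gate ignores the result of `SbieApi_QueryProcess`, so when that lookup fails `boxname` stays empty and `SbieApi_QueryConfBool(boxname, L"OpenClipboard", TRUE)` is evaluated with a default of TRUE, which presumably lets the read through. An access check should fail closed: `if (!NT_SUCCESS(SbieApi_QueryProcess((HANDLE)args->pid, boxname, exename, NULL, NULL)) || !SbieApi_QueryConfBool(boxname, L"OpenClipboard", TRUE))`, assuming the call returns an NTSTATUS. The function body continues outside the hunk, so the other paths that reach `finish:` are not visible here.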


@ -2856,7 +2856,7 @@ OpenIpcPath=*\BaseNamedObjects*\{034DBD6D-6784-4CB3-97D8-749947D01F72}
[Template_ScreenReader]
Tmpl.Title=#4305,JAWS, NVDA, Window-Eyes, System Access
Tmpl.Class=Misc
Tmpl.Scan=i
# Tmpl.Scan=i
Tmpl.Hide=y
OpenIpcPath=\RPC Control\epmapper
OpenIpcPath=\RPC Control\OLE*
@ -3166,19 +3166,3 @@ Tmpl.Entry=StrokeIt | StrokeIt
[Template_FireFix_for_Win7]
[Template_FileCppy]
Tmpl.Title=#4295
Tmpl.Class=Misc
DontCopy=*.url
CopyEmpty=*\microsoft\windows\explorer\thumbcache_*
CopyEmpty=*\microsoft\windows\explorer\iconcache_*
# firefox
CopyAlways=*\places.sqlite
CopyAlways=*\xul.mfl
# windows installer etc
CopyAlways=*\qmgr0.dat
CopyAlways=*\qmgr1.dat
CopyAlways=*\infcache.1
CopyAlways=*\cbs.log
# internet explorer 10 web cache
CopyAlways=*\webcachev*.dat


@ -0,0 +1,176 @@
#include "stdafx.h"
#include "collapsiblegroupbox.h"
#include <QApplication>
#include <QGuiApplication>
#include <QLayout>
#include <QResizeEvent>
#include <QScreen>
#include <QStyle>
#include <QTimer>
#include <QWindow>
#include <cassert>
#include <cmath>
inline
QWindow *findWindowForWidget(const QWidget *widget)
{
for (;;) {
QWindow *wh = widget->window()->windowHandle();
if (wh != nullptr)
return wh;
widget = qobject_cast<const QWidget *>(widget->parent());
if (widget == nullptr)
return nullptr;
}
}
inline
QScreen * findScreenForWidget(const QWidget *widget)
{
for (;;) {
QWindow *wh = widget->window()->windowHandle();
if (wh != nullptr) {
QScreen *scr = wh->screen();
if (scr != nullptr)
return scr;
}
widget = qobject_cast<const QWidget *>(widget->parent());
if (widget == nullptr)
return nullptr;
}
}
CCollapsibleGroupBox::CCollapsibleGroupBox(QWidget *parent) :
QGroupBox(parent)
{
m_clExpButton = new QToolButton(this);
m_clExpButton->setCheckable(true);
connect(m_clExpButton, &QToolButton::clicked, this, &CCollapsibleGroupBox::onVisibilityChanged);
QTimer::singleShot(0, this, [this] {
auto wh = findWindowForWidget(this);
if (wh != nullptr)
connect(wh, &QWindow::screenChanged, this, &CCollapsibleGroupBox::onScreenChanged);
});
QTimer::singleShot(0, this, &CCollapsibleGroupBox::resizeCollapseButton);
}
void CCollapsibleGroupBox::collapseLayout(QLayout *lay)
{
assert(!m_layoutMargins.contains(lay));
const int cnt = lay->count();
for (int idx = 0; idx < cnt; idx++) {
auto lit = lay->itemAt(idx);
if (lit->widget()) {
auto w = lit->widget();
if (w != m_clExpButton)
w->setVisible(false);
}
else if (lit->spacerItem())
collapseSpacer(lit->spacerItem());
else if (lit->layout())
collapseLayout(lit->layout());
}
m_layoutMargins[lay] = lay->contentsMargins();
lay->setContentsMargins(0, 0, 0, 0);
}
void CCollapsibleGroupBox::collapseSpacer(QSpacerItem *spacer)
{
assert(!m_spacerSizes.contains(spacer));
m_spacerSizes[spacer] = {spacer->sizeHint(), spacer->sizePolicy()};
spacer->changeSize(0, 0);
}
void CCollapsibleGroupBox::expandLayout(QLayout *lay)
{
assert(m_layoutMargins.contains(lay));
const int cnt = lay->count();
for (int idx = 0; idx < cnt; idx++) {
auto lit = lay->itemAt(idx);
if (lit->widget())
lit->widget()->setVisible(true);
else if (lit->spacerItem())
expandSpacer(lit->spacerItem());
else if (lit->layout())
expandLayout(lit->layout());
}
lay->setContentsMargins(m_layoutMargins[lay]);
}
void CCollapsibleGroupBox::expandSpacer(QSpacerItem *spacer)
{
assert(m_spacerSizes.contains(spacer));
const auto &sz = m_spacerSizes[spacer].first;
const auto &pol = m_spacerSizes[spacer].second;
spacer->changeSize(sz.width(), sz.height(), pol.horizontalPolicy(), pol.verticalPolicy());
}
void CCollapsibleGroupBox::onScreenChanged()
{
resizeCollapseButton();
}
void CCollapsibleGroupBox::onVisibilityChanged()
{
assert(this->layout() != nullptr);
if(m_clExpButton->isChecked())
{
m_layoutMargins.clear();
m_spacerSizes.clear();
collapseLayout(this->layout());
}
else
{
expandLayout(this->layout());
}
}
void CCollapsibleGroupBox::resizeCollapseButton()
{
const QScreen *scr = findScreenForWidget(this);
if (scr == nullptr)
return;
const auto &size = this->size();
#ifdef Q_OS_WIN
qreal baseSize = 15.0;
int yOffset = 5;
#else
qreal baseSize = 22.0;
int yOffset = 0;
#endif
if (scr == nullptr)
return;
if (QString::compare(QApplication::style()->objectName(), "fusion") == 0)
baseSize = 15.0;
const qreal dpi = scr->logicalDotsPerInchX();
const qreal btnSize = floor((baseSize * dpi / 96.0) + 0.5);
m_clExpButton->setGeometry(size.width() - btnSize, yOffset, btnSize, btnSize);
}
void CCollapsibleGroupBox::resizeEvent(QResizeEvent *)
{
resizeCollapseButton();
}
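Review bot: `collapseLayout` hides every widget in the layout and `expandLayout` calls `setVisible(true)` on every widget, so a child that was already hidden before the box was collapsed becomes visible after one collapse/expand cycle. Recording each widget's prior visibility during collapse, next to `m_layoutMargins`, and restoring it on expand would preserve that state. The membership checks on `m_layoutMargins` and `m_spacerSizes` are `assert` only, so in an NDEBUG build `operator[]` default-inserts an empty entry instead of failing. `resizeCollapseButton` also tests `scr == nullptr` twice; the second test can go.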


@ -5,15 +5,18 @@
#include <QMap>
#include <QMargins>
#include <QPair>
#include <QToolButton>
class QResizeEvent;
class CollapseExpandButton;
class QSpacerItem;
class CollapsibleGroupBox : public QGroupBox
#include "../mischelpers_global.h"
class MISCHELPERS_EXPORT CCollapsibleGroupBox : public QGroupBox
{
public:
explicit CollapsibleGroupBox(QWidget *parent = nullptr);
explicit CCollapsibleGroupBox(QWidget *parent = nullptr);
protected:
void resizeEvent(QResizeEvent *);
@ -25,7 +28,7 @@ private:
void expandLayout(QLayout *layout);
void expandSpacer(QSpacerItem *spacer);
CollapseExpandButton *m_clExpButton;
QToolButton *m_clExpButton;
QMap<const void *, QMargins> m_layoutMargins;
QMap<const void *, QPair<QSize, QSizePolicy>> m_spacerSizes;


@ -36,11 +36,12 @@ void CTabPanel::ShowTab(int Index, bool bShow)
RebuildTabs(ActiveTab, VisibleTabs);
}
void CTabPanel::AddTab(QWidget* pWidget, const QString& Name)
int CTabPanel::AddTab(QWidget* pWidget, const QString& Name)
{
STab Tab{Name, pWidget, true};
m_AllTabs.append(Tab);
m_pTabs->addTab(Tab.pWidget, Tab.Name);
return m_AllTabs.count() - 1;
}
void CTabPanel::SaveTabs(int& ActiveTab, QStringList& VisibleTabs)
@ -64,10 +65,9 @@ void CTabPanel::RebuildTabs(const int ActiveTab, const QStringList& VisibleTabs)
{
STab& Tab = m_AllTabs[i];
if (VisibleTabs.size() <= i || VisibleTabs[i].toInt() != 0)
Tab.bVisible = (VisibleTabs.size() <= i || VisibleTabs[i].toInt() != 0);
if (Tab.bVisible)
{
Tab.bVisible = true;
m_pTabs->addTab(Tab.pWidget, Tab.Name);
if (i == ActiveTab)
m_pTabs->setCurrentWidget(Tab.pWidget);


@ -18,11 +18,11 @@ public:
virtual int GetTabCount() { return m_AllTabs.size(); }
virtual QString GetTabLabel(int Index) { if (Index >= m_AllTabs.size()) return ""; return m_AllTabs[Index].Name; }
virtual void ShowTab(int Index, bool bShow);
virtual bool IsTabVisible(int Index) { if (Index >= m_AllTabs.size()) return ""; return m_AllTabs[Index].bVisible; }
virtual bool IsTabVisible(int Index) { if (Index >= m_AllTabs.size()) return false; return m_AllTabs[Index].bVisible; }
protected:
virtual void InitializeTabs() = 0;
virtual void AddTab(QWidget* pWidget, const QString& Name);
virtual int AddTab(QWidget* pWidget, const QString& Name);
virtual void RebuildTabs(const int ActiveTab, const QStringList& VisibleTabs);
virtual void SaveTabs(int& ActiveTab, QStringList& VisibleTabs);
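Review bot: `IsTabVisible` (like `GetTabLabel` above it) rejects only `Index >= m_AllTabs.size()`, so a negative index still reaches `m_AllTabs[Index]`. Now that `AddTab` returns an index for callers to store and pass back, the guard is safer as `if (Index < 0 || Index >= m_AllTabs.size()) return false;`, with the same bound added to `GetTabLabel`.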


@ -43,9 +43,8 @@ CSandBox::CSandBox(const QString& BoxName, class CSbieAPI* pAPI) : CSbieIni(BoxN
// when loading a sandbox that is not initialized, initialize it
int cfglvl = GetNum("ConfigLevel");
if (cfglvl >= 8)
if (cfglvl >= 9)
return;
SetNum("ConfigLevel", 8);
if (cfglvl == 0)
{
@ -84,7 +83,27 @@ CSandBox::CSandBox(const QString& BoxName, class CSbieAPI* pAPI) : CSbieIni(BoxN
InsertText("Template", "FileCopy");
InsertText("Template", "SkipHook");
}
if (cfglvl < 9)
{
// fix the unfortunate typo
if (GetTextList("Template", false).contains("FileCppy"))
{
InsertText("Template", "FileCopy");
DelValue("Template", "FileCppy");
}
DelValue("Template", "WindowsFontCache");
// templates L9
if (GetBool("DropAdminRights", false) == false)
{
// enable those templates only for non hardened boxes
InsertText("Template", "OpenBluetooth");
}
}
SetNum("ConfigLevel", 9);
}
CSandBox::~CSandBox()


@ -88,6 +88,7 @@ SB_STATUS CSbieUtils::Stop(EComponent Component)
void CSbieUtils::Stop(EComponent Component, QStringList& Ops)
{
Ops.append(QString::fromWCharArray(L"kmdutil.exe|scandll"));
if ((Component & eService) != 0 && GetServiceStatus(SBIESVC) != SERVICE_STOPPED)
Ops.append(QString::fromWCharArray(L"kmdutil.exe|stop|" SBIESVC));
if ((Component & eDriver) != 0 && GetServiceStatus(SBIEDRV) != SERVICE_STOPPED)


@ -6,7 +6,7 @@
<rect>
<x>0</x>
<y>0</y>
<width>657</width>
<width>660</width>
<height>449</height>
</rect>
</property>
@ -45,7 +45,7 @@
<enum>QTabWidget::West</enum>
</property>
<property name="currentIndex">
<number>9</number>
<number>0</number>
</property>
<widget class="QWidget" name="tabGeneral">
<attribute name="title">
@ -433,42 +433,6 @@
<layout class="QGridLayout" name="gridLayout_37">
<item row="0" column="0">
<layout class="QGridLayout" name="gridLayout_36">
<item row="2" column="2">
<widget class="QCheckBox" name="chkOpenSpooler">
<property name="text">
<string>Remove spooler restriction, printers can be installed outside the sandbox</string>
</property>
</widget>
</item>
<item row="7" column="0">
<spacer name="verticalSpacer_12">
<property name="orientation">
<enum>Qt::Vertical</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>20</width>
<height>40</height>
</size>
</property>
</spacer>
</item>
<item row="0" column="0">
<widget class="QLabel" name="label_31">
<property name="font">
<font>
<weight>75</weight>
<bold>true</bold>
</font>
</property>
<property name="toolTip">
<string>Protect the system from sandboxed processes</string>
</property>
<property name="text">
<string>Printing restrictions</string>
</property>
</widget>
</item>
<item row="6" column="2">
<widget class="QCheckBox" name="chkOpenCredentials">
<property name="text">
@ -476,13 +440,6 @@
</property>
</widget>
</item>
<item row="5" column="1" colspan="2">
<widget class="QCheckBox" name="chkOpenProtectedStorage">
<property name="text">
<string>Open System Protected Storage</string>
</property>
</widget>
</item>
<item row="3" column="2">
<widget class="QCheckBox" name="chkPrintToFile">
<property name="sizePolicy">
@ -496,6 +453,26 @@
</property>
</widget>
</item>
<item row="2" column="2">
<widget class="QCheckBox" name="chkOpenSpooler">
<property name="text">
<string>Remove spooler restriction, printers can be installed outside the sandbox</string>
</property>
</widget>
</item>
<item row="8" column="0">
<spacer name="verticalSpacer_12">
<property name="orientation">
<enum>Qt::Vertical</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>20</width>
<height>40</height>
</size>
</property>
</spacer>
</item>
<item row="1" column="1" colspan="2">
<widget class="QCheckBox" name="chkBlockSpooler">
<property name="text">
@ -503,18 +480,12 @@
</property>
</widget>
</item>
<item row="7" column="2">
<spacer name="horizontalSpacer_5">
<property name="orientation">
<enum>Qt::Horizontal</enum>
<item row="5" column="1" colspan="2">
<widget class="QCheckBox" name="chkOpenProtectedStorage">
<property name="text">
<string>Open System Protected Storage</string>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>40</width>
<height>20</height>
</size>
</property>
</spacer>
</widget>
</item>
<item row="0" column="1">
<widget class="QLabel" name="label_39">
@ -535,6 +506,35 @@
</property>
</widget>
</item>
<item row="0" column="0">
<widget class="QLabel" name="label_31">
<property name="font">
<font>
<weight>75</weight>
<bold>true</bold>
</font>
</property>
<property name="toolTip">
<string>Protect the system from sandboxed processes</string>
</property>
<property name="text">
<string>Printing restrictions</string>
</property>
</widget>
</item>
<item row="8" column="2">
<spacer name="horizontalSpacer_5">
<property name="orientation">
<enum>Qt::Horizontal</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>40</width>
<height>20</height>
</size>
</property>
</spacer>
</item>
<item row="4" column="0" colspan="2">
<widget class="QLabel" name="label_18">
<property name="font">
@ -551,6 +551,13 @@
</property>
</widget>
</item>
<item row="7" column="1" colspan="2">
<widget class="QCheckBox" name="chkCloseClipBoard">
<property name="text">
<string>Block read access to the clipboard</string>
</property>
</widget>
</item>
</layout>
</item>
</layout>
@ -2076,8 +2083,8 @@ instead of &quot;*&quot;.</string>
<rect>
<x>0</x>
<y>0</y>
<width>63</width>
<height>16</height>
<width>98</width>
<height>28</height>
</rect>
</property>
<layout class="QGridLayout" name="dbgLayout">


@ -555,8 +555,15 @@ void CSandMan::dragEnterEvent(QDragEnterEvent* e)
void CSandMan::dropEvent(QDropEvent* e)
{
QStringList Boxes;
foreach(const CSandBoxPtr &pBox, theAPI->GetAllBoxes())
{
if (pBox->IsEnabled())
Boxes.append(pBox->GetName().replace("_", " "));
}
bool ok;
QString box = QInputDialog::getItem(this, "Sandboxie-Plus", tr("Select box:"), theAPI->GetAllBoxes().keys(), 0, false, &ok);
QString box = QInputDialog::getItem(this, "Sandboxie-Plus", tr("Select box:"), Boxes, 0, false, &ok);
if (!ok || box.isEmpty())
return;
@ -565,7 +572,7 @@ void CSandMan::dropEvent(QDropEvent* e)
continue;
QString FileName = url.toLocalFile().replace("/", "\\");
theAPI->RunStart(box, FileName);
theAPI->RunStart(box.replace(" ", "_"), FileName);
}
}


@ -40,6 +40,8 @@ CNewBoxWindow::CNewBoxWindow(QWidget *parent)
ui.cmbTemplates->addItem(tr("Default"));
ui.cmbTemplates->setCurrentIndex(eDefault);
ui.cmbTemplates->addItem(tr("Legacy Sandboxie Behaviour"));
// leniant
// open
foreach(const CSandBoxPtr& pBox, Boxes)
ui.cmbBoxes->addItem(pBox->GetName());
@ -97,14 +99,17 @@ void CNewBoxWindow::CreateBox()
{
case eHardened:
pBox.objectCast<CSandBoxPlus>()->SetBool("DropAdminRights", true);
//pBox.objectCast<CSandBoxPlus>()->SetBool("FakeAdminRights", true); // Note: making the app think its dmin has no security downsides,but can help with ompatybility
pBox.objectCast<CSandBoxPlus>()->SetBool("ClosePrintSpooler", true);
//pBox.objectCast<CSandBoxPlus>()->SetBool("OpenSmartCard", false);
break;
case eLegacy:
pBox.objectCast<CSandBoxPlus>()->SetBool("UnrestrictedSCM", true);
pBox.objectCast<CSandBoxPlus>()->SetBool("ExposeBoxedSystem", true);
//pBox.objectCast<CSandBoxPlus>()->SetBool("ExposeBoxedSystem", true);
//pBox.objectCast<CSandBoxPlus>()->SetBool("RunServicesAsSystem", true); // legacy behavioure but there should be no normal use cases which require this
pBox.objectCast<CSandBoxPlus>()->SetBool("OpenPrintSpooler", true);
pBox.objectCast<CSandBoxPlus>()->InsertText("Template", "OpenSmartCard");
default:
pBox.objectCast<CSandBoxPlus>()->InsertText("Template", "OpenBluetooth"); // most unity games needs that an most modern gmes are unitybased
break;
}
}
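Review bot: As rendered, `case eLegacy:` has no `break` after inserting `OpenSmartCard` and runs on into `default:`, which inserts `OpenBluetooth`. If that is intended, it should be marked, e.g. `// fall through: legacy boxes also get the default templates`; if not, a `break;` is missing before `default:`. The added comments on the `FakeAdminRights` and `RunServicesAsSystem` lines record security rationale and would benefit from a spelling pass so they stay searchable. The switch statement starts outside the hunk.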


@ -134,7 +134,7 @@ COptionsWindow::COptionsWindow(const QSharedPointer<CSbieIni>& pBox, const QStri
ui.tabs->setTabIcon(9, CSandMan::GetIcon("Template"));
ui.tabs->setTabIcon(10, CSandMan::GetIcon("EditIni"));
ui.tabs->setCurrentIndex(0);
ui.tabs->setCurrentIndex(m_Template ? 10 : 0);
//connect(ui.chkWithTemplates, SIGNAL(clicked(bool)), this, SLOT(OnWithTemplates()));
@ -165,6 +165,7 @@ COptionsWindow::COptionsWindow(const QSharedPointer<CSbieIni>& pBox, const QStri
connect(ui.chkOpenCredentials, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
connect(ui.chkOpenProtectedStorage, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
connect(ui.chkCloseClipBoard, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
//connect(ui.chkOpenSmartCard, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
//connect(ui.chkOpenBluetooth, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
@ -453,6 +454,7 @@ void COptionsWindow::LoadConfig()
ui.chkOpenProtectedStorage->setChecked(m_pBox->GetBool("OpenProtectedStorage", false));
ui.chkOpenCredentials->setEnabled(!ui.chkOpenProtectedStorage->isChecked());
ui.chkOpenCredentials->setChecked(!ui.chkOpenCredentials->isEnabled() || m_pBox->GetBool("OpenCredentials", false));
ui.chkCloseClipBoard->setChecked(!m_pBox->GetBool("OpenClipboard", true));
//ui.chkOpenSmartCard->setChecked(m_pBox->GetBool("OpenSmartCard", true));
//ui.chkOpenBluetooth->setChecked(m_pBox->GetBool("OpenBluetooth", false));
@ -619,18 +621,19 @@ void COptionsWindow::SaveConfig()
BorderCfg.append(QString::number(ui.spinBorderWidth->value()));
m_pBox->SetText("BorderColor", BorderCfg.join(","));
m_pBox->SetBool("BlockNetworkFiles", ui.chkBlockNetShare->isChecked());
m_pBox->SetBool("BlockNetParam", ui.chkBlockNetParam->isChecked());
m_pBox->SetBool("DropAdminRights", ui.chkDropRights->isChecked());
m_pBox->SetBool("FakeAdminRights", ui.chkFakeElevation->isChecked());
m_pBox->SetBool("ClosePrintSpooler", ui.chkBlockSpooler->isChecked());
m_pBox->SetBool("OpenPrintSpooler", ui.chkOpenSpooler->isChecked());
m_pBox->SetBool("AllowSpoolerPrintToFile", ui.chkPrintToFile->isChecked());
WriteAdvancedCheck(ui.chkBlockNetShare, "BlockNetworkFiles", "", "n");
WriteAdvancedCheck(ui.chkBlockNetParam, "BlockNetParam", "", "n");
WriteAdvancedCheck(ui.chkDropRights, "DropAdminRights", "y", "");
WriteAdvancedCheck(ui.chkFakeElevation, "FakeAdminRights", "y", "");
WriteAdvancedCheck(ui.chkBlockSpooler, "ClosePrintSpooler", "y", "");
WriteAdvancedCheck(ui.chkOpenSpooler, "OpenPrintSpooler", "y", "");
WriteAdvancedCheck(ui.chkPrintToFile, "AllowSpoolerPrintToFile", "y", "");
WriteAdvancedCheck(ui.chkOpenProtectedStorage, "OpenProtectedStorage", "y", "");
if (ui.chkOpenCredentials->isEnabled())
WriteAdvancedCheck(ui.chkOpenCredentials, "OpenCredentials", "y", "");
WriteAdvancedCheck(ui.chkCloseClipBoard, "OpenClipboard", "n", "");
//WriteAdvancedCheck(ui.chkOpenSmartCard, "OpenSmartCard", "", "n");
//WriteAdvancedCheck(ui.chkOpenBluetooth, "OpenBluetooth", "y", "");
@ -656,15 +659,14 @@ void COptionsWindow::SaveConfig()
m_pBox->SetNum("CopyLimitKb", ui.chkCopyLimit->isChecked() ? ui.txtCopyLimit->text().toInt() : -1);
m_pBox->SetBool("PromptForFileMigration", ui.chkCopyPrompt->isChecked());
m_pBox->SetBool("CopyLimitSilent", !ui.chkNoCopyWarn->isChecked());
WriteAdvancedCheck(ui.chkCopyPrompt, "PromptForFileMigration", "", "n");
WriteAdvancedCheck(ui.chkNoCopyWarn, "CopyLimitSilent", "", "y");
m_pBox->SetBool("NeverDelete", ui.chkProtectBox->isChecked());
m_pBox->SetBool("AutoDelete", ui.chkAutoEmpty->isChecked());
m_pBox->SetBool("AllowRawDiskRead", ui.chkRawDiskRead->isChecked());
m_pBox->SetBool("NotifyDirectDiskAccess", ui.chkRawDiskNotify->isChecked());
WriteAdvancedCheck(ui.chkProtectBox, "NeverDelete", "y", "");
WriteAdvancedCheck(ui.chkAutoEmpty, "AutoDelete", "y", "");
WriteAdvancedCheck(ui.chkRawDiskRead, "AllowRawDiskRead", "y", "");
WriteAdvancedCheck(ui.chkRawDiskNotify, "NotifyDirectDiskAccess", "y", "");
m_GeneralChanged = false;
}
@ -680,15 +682,15 @@ void COptionsWindow::SaveConfig()
if (m_StartChanged)
{
m_pBox->SetBool("NotifyStartRunAccessDenied", ui.chkStartBlockMsg->isChecked());
WriteAdvancedCheck(ui.chkStartBlockMsg, "NotifyStartRunAccessDenied", "", "n");
m_StartChanged = false;
}
if (m_INetBlockChanged)
{
m_pBox->SetBool("PromptForInternetAccess", ui.chkINetBlockPrompt->isChecked());
m_pBox->SetBool("NotifyInternetAccessDenied", ui.chkINetBlockMsg->isChecked());
WriteAdvancedCheck(ui.chkINetBlockPrompt, "PromptForInternetAccess", "y", "");
WriteAdvancedCheck(ui.chkINetBlockMsg, "NotifyInternetAccessDenied", "", "n");
m_INetBlockChanged = false;
}
@ -701,15 +703,15 @@ void COptionsWindow::SaveConfig()
if (m_AdvancedChanged)
{
WriteAdvancedCheck(ui.chkPreferExternalManifest, "PreferExternalManifest", "", "y");
WriteAdvancedCheck(ui.chkUseSbieWndStation, "UseSbieWndStation", "", "y");
WriteAdvancedCheck(ui.chkPreferExternalManifest, "PreferExternalManifest", "y", "");
WriteAdvancedCheck(ui.chkUseSbieWndStation, "UseSbieWndStation", "y", "");
WriteAdvancedCheck(ui.chkProtectSCM, "UnrestrictedSCM", "", "y");
WriteAdvancedCheck(ui.chkRestrictServices, "RunServicesAsSystem", "", "y");
WriteAdvancedCheck(ui.chkProtectSystem, "ExposeBoxedSystem", "", "y");
WriteAdvancedCheck(ui.chkOpenDevCMApi, "OpenDevCMApi", "n", "");
WriteAdvancedCheck(ui.chkOpenLsaSSPI, "BlockPassword", "", "n"); // OpenLsaSSPI
WriteAdvancedCheck(ui.chkOpenLsaSSPI, "BlockPassword", "n", ""); // OpenLsaSSPI
WriteAdvancedCheck(ui.chkOpenSamEndpoint, "OpenSamEndpoint", "n", "");
WriteAdvancedCheck(ui.chkOpenLsaEndpoint, "OpenLsaEndpoint", "n", "");
@ -1923,7 +1925,7 @@ void COptionsWindow::SaveRecoveryList()
m_pBox->UpdateTextList("RecoverFolder", RecoverFolder, m_Template);
m_pBox->UpdateTextList("AutoRecoverIgnore", AutoRecoverIgnore, m_Template);
m_pBox->SetBool("AutoRecover", ui.chkAutoRecovery->isChecked());
WriteAdvancedCheck(ui.chkAutoRecovery, "AutoRecover", "y", "");
m_RecoveryChanged = false;
}
@ -2134,9 +2136,9 @@ void COptionsWindow::LoadTemplates()
QString Name = *I++;
QString Category = m_pBox->GetAPI()->SbieIniGet(Name, "Tmpl.Class", 0x40000000L); // CONF_GET_NO_GLOBAL);
QString Title = m_pBox->GetAPI()->SbieIniGet(Name, "Tmpl.Title", 0x40000000L); // CONF_GET_NO_GLOBAL);
/*QString Hide = m_pBox->GetAPI()->SbieIniGet(Name, "Tmpl.Hide", 0x40000000L); // CONF_GET_NO_GLOBAL);
QString Hide = m_pBox->GetAPI()->SbieIniGet(Name, "Tmpl.Hide", 0x40000000L); // CONF_GET_NO_GLOBAL);
if (Hide == "y" || Hide == "Y")
continue;*/
continue;
if (Name == "Template_ScreenReader")
continue;
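Review bot: In SaveConfig, several security settings move from `SetBool` to `WriteAdvancedCheck` with an empty string for one state, e.g. `WriteAdvancedCheck(ui.chkBlockNetShare, "BlockNetworkFiles", "", "n")`, which presumably removes the key and relies on the default; WriteAdvancedCheck is defined outside these hunks, so this is inferred from the call pattern. If so, a checked blocking option no longer writes an explicit `y`, and its effective value depends on whatever a global or template section supplies. The same section swaps the two string arguments for `PreferExternalManifest`, `UseSbieWndStation` and `BlockPassword`, which changes what each checkbox state writes. A comment at the call sites such as `// args: value when checked, value when unchecked; "" = remove key, use default` would let a reader confirm each pairing against LoadConfig.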


@ -357,8 +357,18 @@ void CSettingsWindow::OnTab()
QSharedPointer<CSbieIni> pTemplate = QSharedPointer<CSbieIni>(new CSbieIni("Template_" + I.key(), theAPI));
QString Title = pTemplate->GetText("Tmpl.Title");
if (Title.left(1) == "#")
{
int End = Title.mid(1).indexOf(",");
if (End == -1) End = Title.length() - 1;
int MsgNum = Title.mid(1, End).toInt();
Title = theAPI->GetSbieMsgStr(MsgNum, theGUI->m_LanguageId).arg(Title.mid(End + 2)).arg("");
}
//if (Title.isEmpty()) Title = Name;
QTreeWidgetItem* pItem = new QTreeWidgetItem();
pItem->setText(0, pTemplate->GetText("Tmpl.Title"));
pItem->setText(0, Title);
pItem->setData(0, Qt::UserRole, I.key());
pItem->setCheckState(0, (I.value() & CSbieTemplates::eDisabled) == 0 ? Qt::Checked : Qt::Unchecked);
ui.treeCompat->addTopLevelItem(pItem);


@ -2,7 +2,7 @@
#define VERSION_MJR 0
#define VERSION_MIN 7
#define VERSION_REV 4
#define VERSION_REV 5
#define VERSION_UPD 0
#ifndef STR