diff --git a/CHANGELOG.md b/CHANGELOG.md index 883d5086..d3788ac4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -16,10 +16,31 @@ This project adheres to [Semantic Versioning](http://semver.org/). -## [0.7.4 / 5.49.7] - 2021-04-11 + + +## [0.7.5 / 5.49.8] - 2021-06-05 ### Added -- added option to disable file migration prompt in the Plus UI by using "PromptForFileMigration=n" +- with "OpenClipboard=n" clipboard access for a sandbox can be now disabled + +### Changed +- now by default the OpenBluetooth template is enabled to enable compatybility with unity games +- "PreferExternalManifest=program.exe,y" can now be set on a per process basis + +### Fixed +- fixed compiled issues with the most recent vs2019 update +- fixed issue with vivaldi browser +- fixed some issues with box options in the plus ui +- fixed some issues with hw acceleration in chromium based browsers +- the stop all command now issues "kmdutill scandll" first to solve issues when the SbieDll.Dll is in use +- workaround for electorn apps, by forcing a additional commandline argument on the gpu renderer process + + + +## [0.7.4 / 5.49.7] - 2021-04-12 + +### Added +- added option to disable file migration prompt - added UI options for various security isolation features - added missing functionality to set template values in the Plus UI diff --git a/Sandboxie/apps/control/AppPage.cpp b/Sandboxie/apps/control/AppPage.cpp index 0e1fa61a..be84f7af 100644 --- a/Sandboxie/apps/control/AppPage.cpp +++ b/Sandboxie/apps/control/AppPage.cpp @@ -770,7 +770,7 @@ void CAppPage::Folders_OnInitDialog(CBox &box) while (! tmpl_names.IsEmpty()) { CString tmpl_name = tmpl_names.RemoveHead(); - CString varname = ini.GetTemplateVariable(tmpl_name); + CString varname = ini.GetTemplateVariable(tmpl_name); // fix-me: there may be more than one folder per template if (varname.IsEmpty()) continue; 
@@ -1555,4 +1555,31 @@ void CAppPage::SetDefaultTemplates8(CBox& box) { box.EnableTemplate(L"FileCopy", TRUE); box.EnableTemplate(L"SkipHook", TRUE); + SetDefaultTemplates9(box); +} + +//--------------------------------------------------------------------------- +// SetDefaultTemplates9 +//--------------------------------------------------------------------------- + + +void CAppPage::SetDefaultTemplates9(CBox& box) +{ + CSbieIni &ini = CSbieIni::GetInstance(); + + // fix the unfortunate typo + if (box.IsTemplateEnabled(L"FileCppy")) { + box.EnableTemplate(L"FileCopy", TRUE); + box.EnableTemplate(L"FileCppy", FALSE); + } + + box.EnableTemplate(L"WindowsFontCache", FALSE); + + BOOL bHardened = FALSE; + ini.GetBool(box.GetName(), L"DropAdminRights", bHardened, FALSE); + if (!bHardened) { + // enable those templates only for non hardened boxes + box.EnableTemplate(L"OpenBluetooth", TRUE); + box.EnableTemplate(L"OpenSmartCard", TRUE); + } } diff --git a/Sandboxie/apps/control/AppPage.h b/Sandboxie/apps/control/AppPage.h index eb24aca3..5f500b4d 100644 --- a/Sandboxie/apps/control/AppPage.h +++ b/Sandboxie/apps/control/AppPage.h @@ -127,6 +127,7 @@ public: static void SetDefaultTemplates6(CBox &box); static void SetDefaultTemplates7(CBox &box); static void SetDefaultTemplates8(CBox& box); + static void SetDefaultTemplates9(CBox& box); }; diff --git a/Sandboxie/apps/control/Box.cpp b/Sandboxie/apps/control/Box.cpp index 0d7a9fad..00d6af62 100644 --- a/Sandboxie/apps/control/Box.cpp +++ b/Sandboxie/apps/control/Box.cpp @@ -226,18 +226,23 @@ void CBox::SetDefaultSettings() int cfglvl; ini.GetNum(m_name, _ConfigLevel, cfglvl); - if (cfglvl >= 8) + if (cfglvl >= 9) return; BOOL ok = TRUE; if (cfglvl >= 1) { - ok = ini.SetNum(m_name, _ConfigLevel, 8); + ok = ini.SetNum(m_name, _ConfigLevel, 9); if (ok) { - if (cfglvl == 7) { + if (cfglvl == 8) { + + CAppPage::SetDefaultTemplates9(*this); + + } + else if (cfglvl == 7) { CAppPage::SetDefaultTemplates8(*this); 
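Review bot: In `SetDefaultTemplates9` the migration enables the `OpenBluetooth` and `OpenSmartCard` templates for every existing box where `DropAdminRights` is not set, so an upgrade relaxes already-configured sandboxes without the user choosing it, and the changelog in this commit mentions only OpenBluetooth. The Plus-side counterpart in `CSandBox::CSandBox` (SandBox.cpp, hunk at -84) inserts only `OpenBluetooth`, so the two front ends migrate the same box to different template sets. I would align the two lists and add a comment above the `if (!bHardened)` block, e.g. `// level 9 enables these templates by default; a box counts as hardened only if DropAdminRights=y, no other setting is considered`.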
@@ -255,7 +260,7 @@ void CBox::SetDefaultSettings() goto done; } - ok = ini.SetNum(m_name, _ConfigLevel, 8); + ok = ini.SetNum(m_name, _ConfigLevel, 9); if (ok) { diff --git a/Sandboxie/common/my_version.h b/Sandboxie/common/my_version.h index d54af237..fac042bf 100644 --- a/Sandboxie/common/my_version.h +++ b/Sandboxie/common/my_version.h @@ -21,8 +21,8 @@ #ifndef _MY_VERSION_H #define _MY_VERSION_H -#define MY_VERSION_BINARY 5,49,7 -#define MY_VERSION_STRING "5.49.7" +#define MY_VERSION_BINARY 5,49,8 +#define MY_VERSION_STRING "5.49.8" #define MY_VERSION_COMPAT "5.49.0" // this refers to the driver ABI compatibility // These #defines are used by either Resource Compiler, or by NSIC installer diff --git a/Sandboxie/core/dll/custom.c b/Sandboxie/core/dll/custom.c index 75c5081a..5d376af2 100644 --- a/Sandboxie/core/dll/custom.c +++ b/Sandboxie/core/dll/custom.c @@ -1449,7 +1449,7 @@ _FX BOOLEAN Custom_SYSFER_DLL(HMODULE hmodule) //--------------------------------------------------------------------------- -_FX void Custom_Load_UxTheme(void) +/*_FX void Custom_Load_UxTheme(void) { // // Google Chrome sandbox process is started with limited privileges @@ -1473,4 +1473,4 @@ _FX void Custom_Load_UxTheme(void) SystemParametersInfo(SPI_GETFONTSMOOTHING, 0, &v, 0); } } -} +}*/ diff --git a/Sandboxie/core/dll/dll.h b/Sandboxie/core/dll/dll.h index 800b9079..2392aad8 100644 --- a/Sandboxie/core/dll/dll.h +++ b/Sandboxie/core/dll/dll.h @@ -733,7 +733,7 @@ BOOLEAN MsCorEE_Init(HMODULE hmodule); void Custom_ComServer(void); -void Custom_Load_UxTheme(void); +//void Custom_Load_UxTheme(void); NTSTATUS StopTailCallOptimization(NTSTATUS status); diff --git a/Sandboxie/core/dll/dllmain.c b/Sandboxie/core/dll/dllmain.c index 30d6a0c8..20d948b0 100644 --- a/Sandboxie/core/dll/dllmain.c +++ b/Sandboxie/core/dll/dllmain.c 
@@ -475,7 +475,9 @@ _FX void Dll_InitExeEntry(void) // force load of UxTheme in a Google Chrome sandbox process // - Custom_Load_UxTheme(); + // Note: this does not seam to longer be needed for modern chrome builds, also it breaks the vivaldi browser + + //Custom_Load_UxTheme(); UserEnv_InitVer(Dll_OsBuild >= 7600 ? Dll_KernelBase : Dll_Kernel32); // in KernelBase since win 7 diff --git a/Sandboxie/core/dll/file_misc.c b/Sandboxie/core/dll/file_misc.c index 66028af4..798651a3 100644 --- a/Sandboxie/core/dll/file_misc.c +++ b/Sandboxie/core/dll/file_misc.c @@ -506,6 +506,7 @@ _FX ULONG File_GetTempPathW(ULONG nBufferLength, WCHAR *lpBuffer) return rc; } +//BOOLEAN RpcRt_TestCallingModule(ULONG_PTR pRetAddr, ULONG_PTR hModule); BOOL File_WriteProcessMemory( HANDLE hProcess, @@ -519,6 +520,7 @@ BOOL File_WriteProcessMemory( // if (lpBaseAddress && lpBaseAddress == GetProcAddress(Dll_Ntdll, "NtSetInformationThread")) + //if (RpcRt_TestCallingModule((ULONG_PTR)lpBaseAddress, (ULONG_PTR)Dll_Ntdll)) { if (lpNumberOfBytesWritten) { diff --git a/Sandboxie/core/dll/gui.c b/Sandboxie/core/dll/gui.c index 12c8f468..250bc7cd 100644 --- a/Sandboxie/core/dll/gui.c +++ b/Sandboxie/core/dll/gui.c @@ -1239,11 +1239,13 @@ _FX HWND Gui_CreateWindowExW( // note: the desktop window was made accessible in early v4 builds // but this code is still here to handle any other parent windows // - - if (Dll_ChromeSandbox) { + // note: this code breaks chrome hw acceleration, so its no longer used + // + + /*if (Dll_ChromeSandbox) { dwStyle |= WS_CHILD; hWndParent = HWND_MESSAGE; - } + }*/ // // replace title on windows that have no parent diff --git a/Sandboxie/core/dll/guititle.c b/Sandboxie/core/dll/guititle.c index b14c403d..35000808 100644 --- a/Sandboxie/core/dll/guititle.c +++ b/Sandboxie/core/dll/guititle.c 
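Review bot: The `Dll_ChromeSandbox` block in `Gui_CreateWindowExW` is disabled by commenting it out, which drops the forced `WS_CHILD` / `HWND_MESSAGE` parenting for every Chrome-sandbox process, not only where hardware acceleration needs it. The added note records why the block was removed but not what it was there to prevent, so a later reader cannot judge whether any window isolation was given up. I would delete the dead lines rather than keep them in a comment and extend the note, e.g. `// removed: forcing Chrome sandbox windows to message-only children broke hw acceleration; <state what now covers the case the old code handled>`. The same comment-out pattern is used for `Custom_Load_UxTheme` in custom.c, dll.h and dllmain.c, and the function body continues outside this hunk.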
@@ -69,7 +69,7 @@ _FX BOOLEAN Gui_InitTitle(void) // SbieApi_QueryConfAsIs(NULL, L"BoxNameTitle", 0, buf, sizeof(buf)); - if (*buf == L'y' || *buf == L'Y') { + if (*buf == L'y' || *buf == L'Y') { // indicator + box name UNICODE_STRING uni; @@ -84,8 +84,9 @@ _FX BOOLEAN Gui_InitTitle(void) RtlInitUnicodeString(&uni, Gui_BoxNameTitleW); RtlUnicodeStringToAnsiString(&Gui_BoxNameTitleA, &uni, TRUE); - } else if (*buf == L'-') + } else if (*buf == L'-') // don't alter boxed window titles at all Gui_DisableTitle = TRUE; + // else if(*buf == L'n' || *buf == L'N') means show indicator but not box name Gui_TitleSuffixW_len = wcslen(Gui_TitleSuffixW); Gui_TitleSuffixA_len = strlen(Gui_TitleSuffixA); diff --git a/Sandboxie/core/dll/proc.c b/Sandboxie/core/dll/proc.c index 5e3fadb1..b38d5840 100644 --- a/Sandboxie/core/dll/proc.c +++ b/Sandboxie/core/dll/proc.c @@ -356,6 +356,35 @@ _FX BOOLEAN Proc_Init(void) SBIEDLL_HOOK(Proc_,RtlCreateProcessParametersEx); } + // + // UpdateProcThreadAttribute + // + + // fix for chrome 86+ + if (Dll_OsBuild >= 7600) { + void* UpdateProcThreadAttribute = NULL; + RtlInitString(&ansi, "UpdateProcThreadAttribute"); + status = LdrGetProcedureAddress( + Dll_KernelBase, &ansi, 0, (void **)&UpdateProcThreadAttribute); + if (NT_SUCCESS(status)) + SBIEDLL_HOOK(Proc_, UpdateProcThreadAttribute); + } + + // + // SetProcessMitigationPolicy + // + + // fox for SBIE2303 Could not hook ... (33, 1655) due to mitigation policies + if (Dll_OsBuild >= 8400) // win8 + { + void* SetProcessMitigationPolicy = NULL; + RtlInitString(&ansi, "SetProcessMitigationPolicy"); + status = LdrGetProcedureAddress( + Dll_KernelBase, &ansi, 0, (void**)&SetProcessMitigationPolicy); + if (NT_SUCCESS(status)) + SBIEDLL_HOOK(Proc_, SetProcessMitigationPolicy); + } + // // CreateProcessInternal // 
@@ -373,27 +402,6 @@ _FX BOOLEAN Proc_Init(void) Dll_Kernel32, &ansi, 0, (void **)&CreateProcessInternalW); } - // fix for chrome 86+ - if (Dll_OsBuild >= 7600) { - void* UpdateProcThreadAttribute = NULL; - RtlInitString(&ansi, "UpdateProcThreadAttribute"); - status = LdrGetProcedureAddress( - Dll_KernelBase, &ansi, 0, (void **)&UpdateProcThreadAttribute); - if (NT_SUCCESS(status)) - SBIEDLL_HOOK(Proc_, UpdateProcThreadAttribute); - } - - // fox for SBIE2303 Could not hook ... (33, 1655) due to mitigation policies - if (Dll_OsBuild >= 8400) // win8 - { - void* SetProcessMitigationPolicy = NULL; - RtlInitString(&ansi, "SetProcessMitigationPolicy"); - status = LdrGetProcedureAddress( - Dll_KernelBase, &ansi, 0, (void**)&SetProcessMitigationPolicy); - if (NT_SUCCESS(status)) - SBIEDLL_HOOK(Proc_, SetProcessMitigationPolicy); - } - if(Dll_OsBuild < 17677) { SBIEDLL_HOOK(Proc_,CreateProcessInternalW); @@ -1104,6 +1112,7 @@ _FX BOOL Proc_CreateProcessInternalW_RS5( ULONG err; BOOL ok; BOOL resume_thread = FALSE; + WCHAR* lpAlteredCommandLine = NULL; Proc_LastCreatedProcessHandle = NULL; 
@@ -1118,6 +1127,31 @@ _FX BOOL Proc_CreateProcessInternalW_RS5( return ok; } + // + // Electron based applications which work like chrome seam to fail with HW acceleration even when + // thay get the same treatment as chrome and chromium derivatives. + // hack: by adding a parameter to the gpu renderer process we can fix the issue. + // + + if (Dll_ImageType == DLL_IMAGE_UNSPECIFIED) + { + if(lpApplicationName && lpCommandLine) + { + WCHAR* backslash = wcsrchr(lpApplicationName, L'\\'); + if ((backslash && _wcsicmp(backslash + 1, Dll_ImageName) == 0) + && wcsstr(lpCommandLine, L" --type=gpu-process") + && !wcsstr(lpCommandLine, L" --use-gl=swiftshader-webgl")) { + + lpAlteredCommandLine = Dll_Alloc((wcslen(lpCommandLine) + 32 + 1) * sizeof(WCHAR)); + + wcscpy(lpAlteredCommandLine, lpCommandLine); + wcscat(lpAlteredCommandLine, L" --use-gl=swiftshader-webgl"); + + lpCommandLine = lpAlteredCommandLine; + } + } + } + // // hack: recent versions of Flash Player use the Chrome sandbox // architecture which conflicts with our restricted process model @@ -1196,8 +1230,6 @@ _FX BOOL Proc_CreateProcessInternalW_RS5( if (lpCommandLine) { wcscat(buf, lpCommandLine); } - else - TlsData->proc_command_line = NULL; TlsData->proc_command_line = buf; @@ -1391,6 +1423,9 @@ finish: if (lpCurrentDirectory && lpCurrentDirectory != SaveCurrentDirectory) Dll_Free(lpCurrentDirectory); + if(lpAlteredCommandLine) + Dll_Free(lpAlteredCommandLine); + if (TlsData->proc_image_path) { Dll_Free(TlsData->proc_image_path); TlsData->proc_image_path = NULL; @@ -1424,7 +1459,7 @@ _FX BOOL Proc_AlternateCreateProcess( BOOL *ReturnValue) { if (SbieApi_QueryConfBool(NULL, L"BlockSoftwareUpdaters", TRUE)) - if (Proc_IsSoftwareUpdateW(lpApplicationName)) { + if (Proc_IsSoftwareUpdateW(lpApplicationName ? lpApplicationName : lpCommandLine)) { SetLastError(ERROR_ACCESS_DENIED); *ReturnValue = FALSE; 
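Review bot: The buffer for the altered command line in `Proc_CreateProcessInternalW_RS5` is sized with a literal `32` that is not tied to the 27-character flag appended by `wcscat`, so editing the flag text later can overflow the allocation unnoticed. Deriving the size from the literal removes that coupling: `static const WCHAR _swgl[] = L" --use-gl=swiftshader-webgl";`, then `Dll_Alloc((wcslen(lpCommandLine) + ARRAYSIZE(_swgl)) * sizeof(WCHAR))` and `wcscat(lpAlteredCommandLine, _swgl);`. The `wcsstr` tests match ` --type=gpu-process` anywhere in the command line, including inside another argument's value, which deserves a comment. The matching `Dll_Free` is added at `finish:` in the hunk at -1391; whether every exit path after the allocation reaches that label cannot be seen from here.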
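Review bot: `Proc_AlternateCreateProcess` now passes `lpCommandLine` to `Proc_IsSoftwareUpdateW` when `lpApplicationName` is NULL, but that function (hunk at -2334) still treats its argument as a bare path and looks at whatever follows the last backslash. With a full command line the last backslash can belong to an argument rather than the image path, in which case the updater check does not fire, and the new `_wcsnicmp` prefix compare also accepts any file name that merely starts with `MatchExe`. No guard is visible for the case where both pointers are NULL; I would write `const WCHAR *image = lpApplicationName ? lpApplicationName : lpCommandLine;` and `if (image && Proc_IsSoftwareUpdateW(image)) {`, and document in `Proc_IsSoftwareUpdateW` that it may receive a command line. The Edge entry at -2324 uses `MatchDir = L"\\microsoft\\edgeupdate"` without the trailing backslash the Google entry has, so it matches longer directory names as well.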
@@ -2324,6 +2359,15 @@ _FX BOOLEAN Proc_IsSoftwareUpdateW(const WCHAR *path) MatchDir = L"\\google\\update\\"; SoftName = L"Google Chrome"; + } else if (Dll_ImageType == DLL_IMAGE_SANDBOXIE_DCOMLAUNCH) { + + if (! Proc_IsProcessRunning(L"msedge.exe")) + return FALSE; + + MatchExe = L"microsoftedgeupdatebroker.exe"; + MatchDir = L"\\microsoft\\edgeupdate"; + SoftName = L"Microsoft Edge"; + } else return FALSE; @@ -2334,7 +2378,7 @@ _FX BOOLEAN Proc_IsSoftwareUpdateW(const WCHAR *path) IsUpdate = FALSE; backslash = wcsrchr(path, L'\\'); - if (backslash && _wcsicmp(backslash + 1, MatchExe) == 0) { + if (backslash && _wcsnicmp(backslash + 1, MatchExe, wcslen(MatchExe)) == 0) { ULONG len = wcslen(path) + 1; WCHAR *path2 = Dll_AllocTemp(len * sizeof(WCHAR)); diff --git a/Sandboxie/core/dll/sxs.c b/Sandboxie/core/dll/sxs.c index 934a605c..862b1527 100644 --- a/Sandboxie/core/dll/sxs.c +++ b/Sandboxie/core/dll/sxs.c @@ -1981,8 +1981,8 @@ _FX BOOLEAN Sxs_KeyCallback(const WCHAR *path, HANDLE *out_handle) // a pre-set value for PreferExternalManifest // - if (!SbieApi_QueryConfBool(NULL, L"PreferExternalManifest", FALSE)) - return FALSE; + if (!Config_GetSettingsForImageName_bool(L"PreferExternalManifest", FALSE)) + return FALSE; THREAD_DATA *TlsData = Dll_GetTlsData(NULL); @@ -2078,8 +2078,8 @@ _FX BOOLEAN Sxs_FileCallback(const WCHAR *path, HANDLE *out_handle) // our installation home directory // - if (!SbieApi_QueryConfBool(NULL, L"PreferExternalManifest", FALSE)) - return FALSE; + if (!Config_GetSettingsForImageName_bool(L"PreferExternalManifest", FALSE)) + return FALSE; THREAD_DATA *TlsData = Dll_GetTlsData(NULL); diff --git a/Sandboxie/core/svc/GuiServer.cpp b/Sandboxie/core/svc/GuiServer.cpp index ab3ebcb0..eb939fd5 100644 --- a/Sandboxie/core/svc/GuiServer.cpp +++ b/Sandboxie/core/svc/GuiServer.cpp 
@@ -2429,13 +2429,21 @@ ULONG GuiServer::GetClipboardDataSlave(SlaveArgs *args) GUI_GET_CLIPBOARD_DATA_RPL *rpl = (GUI_GET_CLIPBOARD_DATA_RPL *)args->rpl_buf; - //todo: fail if the calling process should not have clipboard access - if (args->req_len != sizeof(GUI_GET_CLIPBOARD_DATA_REQ)) return STATUS_INFO_LENGTH_MISMATCH; rpl->result = 0; + // fail if the calling process should not have clipboard access + WCHAR boxname[48] = { 0 }; + WCHAR exename[128] = { 0 }; + SbieApi_QueryProcess((HANDLE)args->pid, boxname, exename, NULL, NULL); + if (!SbieApi_QueryConfBool(boxname, L"OpenClipboard", TRUE)) + { + rpl->error = ERROR_ACCESS_DENIED; + goto finish; + } + EnterCriticalSection(&m_SlavesLock); if (! OpenClipboard(NULL)) @@ -2495,6 +2503,7 @@ ULONG GuiServer::GetClipboardDataSlave(SlaveArgs *args) LeaveCriticalSection(&m_SlavesLock); +finish: args->rpl_len = sizeof(GUI_GET_CLIPBOARD_DATA_RPL); return STATUS_SUCCESS; } diff --git a/Sandboxie/install/Templates.ini b/Sandboxie/install/Templates.ini index 3948e8d3..9a4f97e7 100644 --- a/Sandboxie/install/Templates.ini +++ b/Sandboxie/install/Templates.ini @@ -2856,7 +2856,7 @@ OpenIpcPath=*\BaseNamedObjects*\{034DBD6D-6784-4CB3-97D8-749947D01F72} [Template_ScreenReader] Tmpl.Title=#4305,JAWS, NVDA, Window-Eyes, System Access Tmpl.Class=Misc -Tmpl.Scan=i +# Tmpl.Scan=i Tmpl.Hide=y OpenIpcPath=\RPC Control\epmapper OpenIpcPath=\RPC Control\OLE* @@ -3166,19 +3166,3 @@ Tmpl.Entry=StrokeIt | StrokeIt [Template_FireFix_for_Win7] -[Template_FileCppy] -Tmpl.Title=#4295 -Tmpl.Class=Misc -DontCopy=*.url -CopyEmpty=*\microsoft\windows\explorer\thumbcache_* -CopyEmpty=*\microsoft\windows\explorer\iconcache_* -# firefox -CopyAlways=*\places.sqlite -CopyAlways=*\xul.mfl -# windows installer etc -CopyAlways=*\qmgr0.dat -CopyAlways=*\qmgr1.dat -CopyAlways=*\infcache.1 -CopyAlways=*\cbs.log -# internet explorer 10 web cache -CopyAlways=*\webcachev*.dat 
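Review bot: The new clipboard gate in `GetClipboardDataSlave` fails open, because the result of `SbieApi_QueryProcess` is ignored: if the lookup for `args->pid` fails, `boxname` stays empty and `SbieApi_QueryConfBool(boxname, L"OpenClipboard", TRUE)` most likely returns its `TRUE` default, so the read is allowed. Deny when the caller's box cannot be determined, e.g. `if (SbieApi_QueryProcess((HANDLE)args->pid, boxname, exename, NULL, NULL) != 0 || !SbieApi_QueryConfBool(boxname, L"OpenClipboard", TRUE)) {` (assuming an NTSTATUS-style 0 on success; the declaration is not on this page). Only this read path is gated in the visible hunks, which matches the UI label "Block read access to the clipboard" but is narrower than the changelog's "clipboard access ... can be now disabled"; a comment saying so would help. The `goto finish` targets the label added in the hunk at -2495, and the code between them lies outside both hunks.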
diff --git a/SandboxiePlus/MiscHelpers/Common/CollapsibleGroupBox.cpp b/SandboxiePlus/MiscHelpers/Common/CollapsibleGroupBox.cpp
new file mode 100644
index 00000000..83b3dab2
--- /dev/null
+++ b/SandboxiePlus/MiscHelpers/Common/CollapsibleGroupBox.cpp
@@ -0,0 +1,176 @@ +#include "stdafx.h" +#include "collapsiblegroupbox.h" +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +inline +QWindow *findWindowForWidget(const QWidget *widget) +{ + for (;;) { + QWindow *wh = widget->window()->windowHandle(); + if (wh != nullptr) + return wh; + + widget = qobject_cast(widget->parent()); + if (widget == nullptr) + return nullptr; + } +} + +inline +QScreen * findScreenForWidget(const QWidget *widget) +{ + for (;;) { + QWindow *wh = widget->window()->windowHandle(); + if (wh != nullptr) { + QScreen *scr = wh->screen(); + if (scr != nullptr) + return scr; + } + + widget = qobject_cast(widget->parent()); + if (widget == nullptr) + return nullptr; + } +} + +CCollapsibleGroupBox::CCollapsibleGroupBox(QWidget *parent) : + QGroupBox(parent) +{ + m_clExpButton = new QToolButton(this); + m_clExpButton->setCheckable(true); + + connect(m_clExpButton, &QToolButton::clicked, this, &CCollapsibleGroupBox::onVisibilityChanged); + + QTimer::singleShot(0, this, [this] { + auto wh = findWindowForWidget(this); + if (wh != nullptr) + connect(wh, &QWindow::screenChanged, this, &CCollapsibleGroupBox::onScreenChanged); + }); + + QTimer::singleShot(0, this, &CCollapsibleGroupBox::resizeCollapseButton); +} + +void CCollapsibleGroupBox::collapseLayout(QLayout *lay) +{ + assert(!m_layoutMargins.contains(lay)); + + const int cnt = lay->count(); + for (int idx = 0; idx < cnt; idx++) { + auto lit = lay->itemAt(idx); + + if (lit->widget()) { + auto w = lit->widget(); + if (w != m_clExpButton) + w->setVisible(false); + } + else if (lit->spacerItem()) + collapseSpacer(lit->spacerItem()); + else if (lit->layout()) + collapseLayout(lit->layout()); + } + + m_layoutMargins[lay] = lay->contentsMargins(); + lay->setContentsMargins(0, 0, 0, 0); +} + +void CCollapsibleGroupBox::collapseSpacer(QSpacerItem *spacer) +{ + assert(!m_spacerSizes.contains(spacer)); + + m_spacerSizes[spacer] = {spacer->sizeHint(), 
spacer->sizePolicy()}; + spacer->changeSize(0, 0); +} + +void CCollapsibleGroupBox::expandLayout(QLayout *lay) +{ + assert(m_layoutMargins.contains(lay)); + + const int cnt = lay->count(); + for (int idx = 0; idx < cnt; idx++) { + auto lit = lay->itemAt(idx); + + if (lit->widget()) + lit->widget()->setVisible(true); + else if (lit->spacerItem()) + expandSpacer(lit->spacerItem()); + else if (lit->layout()) + expandLayout(lit->layout()); + } + + lay->setContentsMargins(m_layoutMargins[lay]); +} + +void CCollapsibleGroupBox::expandSpacer(QSpacerItem *spacer) +{ + assert(m_spacerSizes.contains(spacer)); + + const auto &sz = m_spacerSizes[spacer].first; + const auto &pol = m_spacerSizes[spacer].second; + + spacer->changeSize(sz.width(), sz.height(), pol.horizontalPolicy(), pol.verticalPolicy()); +} + +void CCollapsibleGroupBox::onScreenChanged() +{ + resizeCollapseButton(); +} + +void CCollapsibleGroupBox::onVisibilityChanged() +{ + assert(this->layout() != nullptr); + + if(m_clExpButton->isChecked()) + { + m_layoutMargins.clear(); + m_spacerSizes.clear(); + + collapseLayout(this->layout()); + } + else + { + expandLayout(this->layout()); + } +} + +void CCollapsibleGroupBox::resizeCollapseButton() +{ + const QScreen *scr = findScreenForWidget(this); + + if (scr == nullptr) + return; + + const auto &size = this->size(); + +#ifdef Q_OS_WIN + qreal baseSize = 15.0; + int yOffset = 5; +#else + qreal baseSize = 22.0; + int yOffset = 0; +#endif + + if (scr == nullptr) + return; + + if (QString::compare(QApplication::style()->objectName(), "fusion") == 0) + baseSize = 15.0; + + const qreal dpi = scr->logicalDotsPerInchX(); + const qreal btnSize = floor((baseSize * dpi / 96.0) + 0.5); + + m_clExpButton->setGeometry(size.width() - btnSize, yOffset, btnSize, btnSize); +} + +void CCollapsibleGroupBox::resizeEvent(QResizeEvent *) +{ + resizeCollapseButton(); +} \ No newline at end of file 
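Review bot: `expandLayout` calls `setVisible(true)` on every widget it finds, so a child that was already hidden before the box was collapsed becomes visible after the first collapse/expand cycle; `collapseLayout` saves margins and spacer sizes but not each widget's prior state. The invariants are checked only with `assert`, which is compiled out of release builds, after which `m_layoutMargins[lay]` and `m_spacerSizes[spacer]` default-insert for an unknown key instead of failing. `resizeCollapseButton` tests `scr == nullptr` twice, and `#include "collapsiblegroupbox.h"` differs in case from the header's file name. The sketch below remembers visibility in a new member (here called `m_widgetVisible`, a `QMap` from `QWidget*` to `bool` that would have to be declared in the header and cleared in `onVisibilityChanged` next to the other two maps).

```cpp
// in collapseLayout(), widget branch
if (auto w = lit->widget()) {
    if (w != m_clExpButton) {
        // remember the explicit state, not isVisible(), which depends on the parent
        m_widgetVisible[w] = !w->isHidden();
        w->setVisible(false);
    }
}
// ... unchanged: spacer and nested-layout branches, margin bookkeeping ...

// in expandLayout(), widget branch
if (auto w = lit->widget()) {
    if (w != m_clExpButton)
        w->setVisible(m_widgetVisible.value(w, true));
}
// ... unchanged: spacer and nested-layout branches, margin restore ...
```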
diff --git a/SandboxiePlus/MiscHelpers/Common/CollapsibleGroupBox.h b/SandboxiePlus/MiscHelpers/Common/CollapsibleGroupBox.h index df5dd03f..ada63622 100644 --- a/SandboxiePlus/MiscHelpers/Common/CollapsibleGroupBox.h +++ b/SandboxiePlus/MiscHelpers/Common/CollapsibleGroupBox.h @@ -5,15 +5,18 @@ #include #include #include +#include class QResizeEvent; class CollapseExpandButton; class QSpacerItem; -class CollapsibleGroupBox : public QGroupBox +#include "../mischelpers_global.h" + +class MISCHELPERS_EXPORT CCollapsibleGroupBox : public QGroupBox { public: - explicit CollapsibleGroupBox(QWidget *parent = nullptr); + explicit CCollapsibleGroupBox(QWidget *parent = nullptr); protected: void resizeEvent(QResizeEvent *); @@ -25,7 +28,7 @@ private: void expandLayout(QLayout *layout); void expandSpacer(QSpacerItem *spacer); - CollapseExpandButton *m_clExpButton; + QToolButton *m_clExpButton; QMap m_layoutMargins; QMap> m_spacerSizes; diff --git a/SandboxiePlus/MiscHelpers/Common/TabPanel.cpp b/SandboxiePlus/MiscHelpers/Common/TabPanel.cpp index 2f280104..e8d42152 100644 --- a/SandboxiePlus/MiscHelpers/Common/TabPanel.cpp +++ b/SandboxiePlus/MiscHelpers/Common/TabPanel.cpp @@ -36,11 +36,12 @@ void CTabPanel::ShowTab(int Index, bool bShow) RebuildTabs(ActiveTab, VisibleTabs); } -void CTabPanel::AddTab(QWidget* pWidget, const QString& Name) +int CTabPanel::AddTab(QWidget* pWidget, const QString& Name) { STab Tab{Name, pWidget, true}; m_AllTabs.append(Tab); m_pTabs->addTab(Tab.pWidget, Tab.Name); + return m_AllTabs.count() - 1; } void CTabPanel::SaveTabs(int& ActiveTab, QStringList& VisibleTabs) 
@@ -64,10 +65,9 @@ void CTabPanel::RebuildTabs(const int ActiveTab, const QStringList& VisibleTabs) { STab& Tab = m_AllTabs[i]; - if (VisibleTabs.size() <= i || VisibleTabs[i].toInt() != 0) + Tab.bVisible = (VisibleTabs.size() <= i || VisibleTabs[i].toInt() != 0); + if (Tab.bVisible) { - Tab.bVisible = true; - m_pTabs->addTab(Tab.pWidget, Tab.Name); if (i == ActiveTab) m_pTabs->setCurrentWidget(Tab.pWidget); diff --git a/SandboxiePlus/MiscHelpers/Common/TabPanel.h b/SandboxiePlus/MiscHelpers/Common/TabPanel.h index eb0d85ba..38dc79ac 100644 --- a/SandboxiePlus/MiscHelpers/Common/TabPanel.h +++ b/SandboxiePlus/MiscHelpers/Common/TabPanel.h @@ -18,11 +18,11 @@ public: virtual int GetTabCount() { return m_AllTabs.size(); } virtual QString GetTabLabel(int Index) { if (Index >= m_AllTabs.size()) return ""; return m_AllTabs[Index].Name; } virtual void ShowTab(int Index, bool bShow); - virtual bool IsTabVisible(int Index) { if (Index >= m_AllTabs.size()) return ""; return m_AllTabs[Index].bVisible; } + virtual bool IsTabVisible(int Index) { if (Index >= m_AllTabs.size()) return false; return m_AllTabs[Index].bVisible; } protected: virtual void InitializeTabs() = 0; - virtual void AddTab(QWidget* pWidget, const QString& Name); + virtual int AddTab(QWidget* pWidget, const QString& Name); virtual void RebuildTabs(const int ActiveTab, const QStringList& VisibleTabs); virtual void SaveTabs(int& ActiveTab, QStringList& VisibleTabs); diff --git a/SandboxiePlus/QSbieAPI/Sandboxie/SandBox.cpp b/SandboxiePlus/QSbieAPI/Sandboxie/SandBox.cpp index ed9aaf34..6b3cb5cb 100644 --- a/SandboxiePlus/QSbieAPI/Sandboxie/SandBox.cpp +++ b/SandboxiePlus/QSbieAPI/Sandboxie/SandBox.cpp @@ -43,9 +43,8 @@ CSandBox::CSandBox(const QString& BoxName, class CSbieAPI* pAPI) : CSbieIni(BoxN // when loading a sandbox that is not initialized, initialize it int cfglvl = GetNum("ConfigLevel"); - if (cfglvl >= 8) + if (cfglvl >= 9) return; - SetNum("ConfigLevel", 8); if (cfglvl == 0) { 
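Review bot: `IsTabVisible` (and `GetTabLabel` on the context line above it) reject only `Index >= m_AllTabs.size()`, so a negative index still reaches `m_AllTabs[Index]`. Now that `AddTab` returns an index for callers to store, I would guard both ends: `if (Index < 0 || Index >= m_AllTabs.size()) return false;`. A short doc comment on `AddTab` should state that the returned value is the position in `m_AllTabs`, which stops matching the position in the tab widget once a tab has been hidden through `ShowTab`.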
@@ -84,7 +83,27 @@ CSandBox::CSandBox(const QString& BoxName, class CSbieAPI* pAPI) : CSbieIni(BoxN InsertText("Template", "FileCopy"); InsertText("Template", "SkipHook"); } + + if (cfglvl < 9) + { + // fix the unfortunate typo + if (GetTextList("Template", false).contains("FileCppy")) + { + InsertText("Template", "FileCopy"); + DelValue("Template", "FileCppy"); + } + DelValue("Template", "WindowsFontCache"); + + // templates L9 + if (GetBool("DropAdminRights", false) == false) + { + // enable those templates only for non hardened boxes + InsertText("Template", "OpenBluetooth"); + } + } + + SetNum("ConfigLevel", 9); } CSandBox::~CSandBox() diff --git a/SandboxiePlus/QSbieAPI/SbieUtils.cpp b/SandboxiePlus/QSbieAPI/SbieUtils.cpp index f42c9314..7da9dbb8 100644 --- a/SandboxiePlus/QSbieAPI/SbieUtils.cpp +++ b/SandboxiePlus/QSbieAPI/SbieUtils.cpp @@ -88,6 +88,7 @@ SB_STATUS CSbieUtils::Stop(EComponent Component) void CSbieUtils::Stop(EComponent Component, QStringList& Ops) { + Ops.append(QString::fromWCharArray(L"kmdutil.exe|scandll")); if ((Component & eService) != 0 && GetServiceStatus(SBIESVC) != SERVICE_STOPPED) Ops.append(QString::fromWCharArray(L"kmdutil.exe|stop|" SBIESVC)); if ((Component & eDriver) != 0 && GetServiceStatus(SBIEDRV) != SERVICE_STOPPED) diff --git a/SandboxiePlus/SandMan/Forms/OptionsWindow.ui b/SandboxiePlus/SandMan/Forms/OptionsWindow.ui index c2f11eeb..d71438e5 100644 --- a/SandboxiePlus/SandMan/Forms/OptionsWindow.ui +++ b/SandboxiePlus/SandMan/Forms/OptionsWindow.ui @@ -6,7 +6,7 @@ 0 0 - 657 + 660 449 @@ -45,7 +45,7 @@ QTabWidget::West - 9 + 0 @@ -433,42 +433,6 @@ - - - - Remove spooler restriction, printers can be installed outside the sandbox - - - - - - - Qt::Vertical - - - - 20 - 40 - - - - - - - - - 75 - true - - - - Protect the system from sandboxed processes - - - Printing restrictions - - - @@ -476,13 +440,6 @@ - - - - Open System Protected Storage - - - 
@@ -496,6 +453,26 @@ + + + + Remove spooler restriction, printers can be installed outside the sandbox + + + + + + + Qt::Vertical + + + + 20 + 40 + + + + @@ -503,18 +480,12 @@ - - - - Qt::Horizontal + + + + Open System Protected Storage - - - 40 - 20 - - - + @@ -535,6 +506,35 @@ + + + + + 75 + true + + + + Protect the system from sandboxed processes + + + Printing restrictions + + + + + + + Qt::Horizontal + + + + 40 + 20 + + + + @@ -551,6 +551,13 @@ + + + + Block read access to the clipboard + + + @@ -2076,8 +2083,8 @@ instead of "*". 0 0 - 63 - 16 + 98 + 28 diff --git a/SandboxiePlus/SandMan/SandMan.cpp b/SandboxiePlus/SandMan/SandMan.cpp index fe6359ac..35c790b8 100644 --- a/SandboxiePlus/SandMan/SandMan.cpp +++ b/SandboxiePlus/SandMan/SandMan.cpp @@ -555,8 +555,15 @@ void CSandMan::dragEnterEvent(QDragEnterEvent* e) void CSandMan::dropEvent(QDropEvent* e) { + QStringList Boxes; + foreach(const CSandBoxPtr &pBox, theAPI->GetAllBoxes()) + { + if (pBox->IsEnabled()) + Boxes.append(pBox->GetName().replace("_", " ")); + } + bool ok; - QString box = QInputDialog::getItem(this, "Sandboxie-Plus", tr("Select box:"), theAPI->GetAllBoxes().keys(), 0, false, &ok); + QString box = QInputDialog::getItem(this, "Sandboxie-Plus", tr("Select box:"), Boxes, 0, false, &ok); if (!ok || box.isEmpty()) return; @@ -565,7 +572,7 @@ void CSandMan::dropEvent(QDropEvent* e) continue; QString FileName = url.toLocalFile().replace("/", "\\"); - theAPI->RunStart(box, FileName); + theAPI->RunStart(box.replace(" ", "_"), FileName); } } diff --git a/SandboxiePlus/SandMan/Windows/NewBoxWindow.cpp b/SandboxiePlus/SandMan/Windows/NewBoxWindow.cpp index 7869791e..1a077359 100644 --- a/SandboxiePlus/SandMan/Windows/NewBoxWindow.cpp +++ b/SandboxiePlus/SandMan/Windows/NewBoxWindow.cpp 
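Review bot: `CSandMan::dropEvent` displays box names with `_` replaced by a space and later maps the chosen text back with `box.replace(" ", "_")`, which is only correct as long as a real box name can never contain a space. Keeping the real name beside the display text avoids relying on that: fill a `QMap<QString, QString>` from display text to `pBox->GetName()` while building `Boxes`, and pass the looked-up value to `RunStart`. When no box is enabled `Boxes` is empty and the dialog offers nothing to choose, so an early return before `QInputDialog::getItem` would be clearer. The function continues outside the hunk.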
@@ -40,6 +40,8 @@ CNewBoxWindow::CNewBoxWindow(QWidget *parent) ui.cmbTemplates->addItem(tr("Default")); ui.cmbTemplates->setCurrentIndex(eDefault); ui.cmbTemplates->addItem(tr("Legacy Sandboxie Behaviour")); + // leniant + // open foreach(const CSandBoxPtr& pBox, Boxes) ui.cmbBoxes->addItem(pBox->GetName()); @@ -97,14 +99,17 @@ void CNewBoxWindow::CreateBox() { case eHardened: pBox.objectCast()->SetBool("DropAdminRights", true); + //pBox.objectCast()->SetBool("FakeAdminRights", true); // Note: making the app think its dmin has no security downsides,but can help with ompatybility pBox.objectCast()->SetBool("ClosePrintSpooler", true); - //pBox.objectCast()->SetBool("OpenSmartCard", false); break; case eLegacy: pBox.objectCast()->SetBool("UnrestrictedSCM", true); - pBox.objectCast()->SetBool("ExposeBoxedSystem", true); + //pBox.objectCast()->SetBool("ExposeBoxedSystem", true); //pBox.objectCast()->SetBool("RunServicesAsSystem", true); // legacy behavioure but there should be no normal use cases which require this pBox.objectCast()->SetBool("OpenPrintSpooler", true); + pBox.objectCast()->InsertText("Template", "OpenSmartCard"); + default: + pBox.objectCast()->InsertText("Template", "OpenBluetooth"); // most unity games needs that an most modern gmes are unitybased break; } } diff --git a/SandboxiePlus/SandMan/Windows/OptionsWindow.cpp b/SandboxiePlus/SandMan/Windows/OptionsWindow.cpp index 757ecb36..716abf64 100644 --- a/SandboxiePlus/SandMan/Windows/OptionsWindow.cpp +++ b/SandboxiePlus/SandMan/Windows/OptionsWindow.cpp @@ -134,7 +134,7 @@ COptionsWindow::COptionsWindow(const QSharedPointer& pBox, const QStri ui.tabs->setTabIcon(9, CSandMan::GetIcon("Template")); ui.tabs->setTabIcon(10, CSandMan::GetIcon("EditIni")); - ui.tabs->setCurrentIndex(0); + ui.tabs->setCurrentIndex(m_Template ? 10 : 0); //connect(ui.chkWithTemplates, SIGNAL(clicked(bool)), this, SLOT(OnWithTemplates())); 
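Review bot: In `CNewBoxWindow::CreateBox` the `eLegacy` case now falls through into the new `default:` label, so a legacy box receives both `OpenSmartCard` and `OpenBluetooth`, and nothing marks that as intended; the `break;` that used to end `eLegacy` now belongs to `default`. Add an explicit marker after the `OpenSmartCard` line, `// fall through: legacy boxes also get the default templates` (or `[[fallthrough]];` if the project builds as C++17). The comment on the `default` branch should also say that every new non-hardened box gets the `OpenBluetooth` template, since judging by its name it relaxes the box's isolation rather than only fixing compatibility.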
@@ -165,6 +165,7 @@ COptionsWindow::COptionsWindow(const QSharedPointer& pBox, const QStri connect(ui.chkOpenCredentials, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged())); connect(ui.chkOpenProtectedStorage, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged())); + connect(ui.chkCloseClipBoard, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged())); //connect(ui.chkOpenSmartCard, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged())); //connect(ui.chkOpenBluetooth, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged())); @@ -453,6 +454,7 @@ void COptionsWindow::LoadConfig() ui.chkOpenProtectedStorage->setChecked(m_pBox->GetBool("OpenProtectedStorage", false)); ui.chkOpenCredentials->setEnabled(!ui.chkOpenProtectedStorage->isChecked()); ui.chkOpenCredentials->setChecked(!ui.chkOpenCredentials->isEnabled() || m_pBox->GetBool("OpenCredentials", false)); + ui.chkCloseClipBoard->setChecked(!m_pBox->GetBool("OpenClipboard", true)); //ui.chkOpenSmartCard->setChecked(m_pBox->GetBool("OpenSmartCard", true)); //ui.chkOpenBluetooth->setChecked(m_pBox->GetBool("OpenBluetooth", false)); 
@@ -619,18 +621,19 @@ void COptionsWindow::SaveConfig() BorderCfg.append(QString::number(ui.spinBorderWidth->value())); m_pBox->SetText("BorderColor", BorderCfg.join(",")); - m_pBox->SetBool("BlockNetworkFiles", ui.chkBlockNetShare->isChecked()); - m_pBox->SetBool("BlockNetParam", ui.chkBlockNetParam->isChecked()); - m_pBox->SetBool("DropAdminRights", ui.chkDropRights->isChecked()); - m_pBox->SetBool("FakeAdminRights", ui.chkFakeElevation->isChecked()); - - m_pBox->SetBool("ClosePrintSpooler", ui.chkBlockSpooler->isChecked()); - m_pBox->SetBool("OpenPrintSpooler", ui.chkOpenSpooler->isChecked()); - m_pBox->SetBool("AllowSpoolerPrintToFile", ui.chkPrintToFile->isChecked()); + WriteAdvancedCheck(ui.chkBlockNetShare, "BlockNetworkFiles", "", "n"); + WriteAdvancedCheck(ui.chkBlockNetParam, "BlockNetParam", "", "n"); + WriteAdvancedCheck(ui.chkDropRights, "DropAdminRights", "y", ""); + WriteAdvancedCheck(ui.chkFakeElevation, "FakeAdminRights", "y", ""); + + WriteAdvancedCheck(ui.chkBlockSpooler, "ClosePrintSpooler", "y", ""); + WriteAdvancedCheck(ui.chkOpenSpooler, "OpenPrintSpooler", "y", ""); + WriteAdvancedCheck(ui.chkPrintToFile, "AllowSpoolerPrintToFile", "y", ""); WriteAdvancedCheck(ui.chkOpenProtectedStorage, "OpenProtectedStorage", "y", ""); if (ui.chkOpenCredentials->isEnabled()) WriteAdvancedCheck(ui.chkOpenCredentials, "OpenCredentials", "y", ""); + WriteAdvancedCheck(ui.chkCloseClipBoard, "OpenClipboard", "n", ""); //WriteAdvancedCheck(ui.chkOpenSmartCard, "OpenSmartCard", "", "n"); //WriteAdvancedCheck(ui.chkOpenBluetooth, "OpenBluetooth", "y", ""); 
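Review bot: `SaveConfig` now writes most checkboxes through `WriteAdvancedCheck(check, key, a, b)`, where an empty string apparently means "remove the key and rely on the built-in default", but neither that convention nor the default each call assumes is stated anywhere in the visible hunks. Several of these keys are isolation switches (`DropAdminRights`, `BlockNetworkFiles`, `ClosePrintSpooler`, `OpenClipboard`), and this same commit has to swap the argument pair for `PreferExternalManifest`, `UseSbieWndStation` and `BlockPassword` in the hunk at -701, which shows how easily a pair ends up inverted. I would add a comment above the first call, e.g. `// WriteAdvancedCheck(check, key, valueWhenChecked, valueWhenUnchecked); "" removes the key so the default applies - must match the default passed to GetBool() in LoadConfig()`. The same applies to the hunks at -656, -680 and -1923.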
@@ -656,15 +659,14 @@ void COptionsWindow::SaveConfig() m_pBox->SetNum("CopyLimitKb", ui.chkCopyLimit->isChecked() ? ui.txtCopyLimit->text().toInt() : -1); - m_pBox->SetBool("PromptForFileMigration", ui.chkCopyPrompt->isChecked()); - m_pBox->SetBool("CopyLimitSilent", !ui.chkNoCopyWarn->isChecked()); + WriteAdvancedCheck(ui.chkCopyPrompt, "PromptForFileMigration", "", "n"); + WriteAdvancedCheck(ui.chkNoCopyWarn, "CopyLimitSilent", "", "y"); - m_pBox->SetBool("NeverDelete", ui.chkProtectBox->isChecked()); - m_pBox->SetBool("AutoDelete", ui.chkAutoEmpty->isChecked()); - - m_pBox->SetBool("AllowRawDiskRead", ui.chkRawDiskRead->isChecked()); - m_pBox->SetBool("NotifyDirectDiskAccess", ui.chkRawDiskNotify->isChecked()); + WriteAdvancedCheck(ui.chkProtectBox, "NeverDelete", "y", ""); + WriteAdvancedCheck(ui.chkAutoEmpty, "AutoDelete", "y", ""); + WriteAdvancedCheck(ui.chkRawDiskRead, "AllowRawDiskRead", "y", ""); + WriteAdvancedCheck(ui.chkRawDiskNotify, "NotifyDirectDiskAccess", "y", ""); m_GeneralChanged = false; } @@ -680,15 +682,15 @@ void COptionsWindow::SaveConfig() if (m_StartChanged) { - m_pBox->SetBool("NotifyStartRunAccessDenied", ui.chkStartBlockMsg->isChecked()); + WriteAdvancedCheck(ui.chkStartBlockMsg, "NotifyStartRunAccessDenied", "", "n"); m_StartChanged = false; } if (m_INetBlockChanged) { - m_pBox->SetBool("PromptForInternetAccess", ui.chkINetBlockPrompt->isChecked()); - m_pBox->SetBool("NotifyInternetAccessDenied", ui.chkINetBlockMsg->isChecked()); + WriteAdvancedCheck(ui.chkINetBlockPrompt, "PromptForInternetAccess", "y", ""); + WriteAdvancedCheck(ui.chkINetBlockMsg, "NotifyInternetAccessDenied", "", "n"); m_INetBlockChanged = false; } 
@@ -701,15 +703,15 @@ void COptionsWindow::SaveConfig() if (m_AdvancedChanged) { - WriteAdvancedCheck(ui.chkPreferExternalManifest, "PreferExternalManifest", "", "y"); - WriteAdvancedCheck(ui.chkUseSbieWndStation, "UseSbieWndStation", "", "y"); + WriteAdvancedCheck(ui.chkPreferExternalManifest, "PreferExternalManifest", "y", ""); + WriteAdvancedCheck(ui.chkUseSbieWndStation, "UseSbieWndStation", "y", ""); WriteAdvancedCheck(ui.chkProtectSCM, "UnrestrictedSCM", "", "y"); WriteAdvancedCheck(ui.chkRestrictServices, "RunServicesAsSystem", "", "y"); WriteAdvancedCheck(ui.chkProtectSystem, "ExposeBoxedSystem", "", "y"); WriteAdvancedCheck(ui.chkOpenDevCMApi, "OpenDevCMApi", "n", ""); - WriteAdvancedCheck(ui.chkOpenLsaSSPI, "BlockPassword", "", "n"); // OpenLsaSSPI + WriteAdvancedCheck(ui.chkOpenLsaSSPI, "BlockPassword", "n", ""); // OpenLsaSSPI WriteAdvancedCheck(ui.chkOpenSamEndpoint, "OpenSamEndpoint", "n", ""); WriteAdvancedCheck(ui.chkOpenLsaEndpoint, "OpenLsaEndpoint", "n", ""); @@ -1923,7 +1925,7 @@ void COptionsWindow::SaveRecoveryList() m_pBox->UpdateTextList("RecoverFolder", RecoverFolder, m_Template); m_pBox->UpdateTextList("AutoRecoverIgnore", AutoRecoverIgnore, m_Template); - m_pBox->SetBool("AutoRecover", ui.chkAutoRecovery->isChecked()); + WriteAdvancedCheck(ui.chkAutoRecovery, "AutoRecover", "y", ""); m_RecoveryChanged = false; } @@ -2134,9 +2136,9 @@ void COptionsWindow::LoadTemplates() QString Name = *I++; QString Category = m_pBox->GetAPI()->SbieIniGet(Name, "Tmpl.Class", 0x40000000L); // CONF_GET_NO_GLOBAL); QString Title = m_pBox->GetAPI()->SbieIniGet(Name, "Tmpl.Title", 0x40000000L); // CONF_GET_NO_GLOBAL); - /*QString Hide = m_pBox->GetAPI()->SbieIniGet(Name, "Tmpl.Hide", 0x40000000L); // CONF_GET_NO_GLOBAL); + QString Hide = m_pBox->GetAPI()->SbieIniGet(Name, "Tmpl.Hide", 0x40000000L); // CONF_GET_NO_GLOBAL); if (Hide == "y" || Hide == "Y") - continue;*/ + continue; if (Name == "Template_ScreenReader") continue; 
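Review bot: Values written by the old, swapped pairs for `PreferExternalManifest`, `UseSbieWndStation` and `BlockPassword` stay in existing box configurations, and nothing in this hunk clears them. With the previous arguments an unchecked chkOpenLsaSSPI stored `BlockPassword=n`, so a box saved that way presumably keeps password blocking off although the user never ticked the option. Consider a one-time cleanup when the box is loaded, or at least a changelog line such as `- fixed inverted saving of "BlockPassword", "PreferExternalManifest" and "UseSbieWndStation" in the Plus UI; re-check these options on existing boxes`. The matching LoadConfig lines are not part of the diff, so it is worth confirming they read each key with the same polarity as the new save calls. SaveConfig's body continues outside the hunk.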
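Review bot: In the LoadTemplates hunk, the re-enabled `continue` skips every template marked `Tmpl.Hide=y` without checking whether that template is currently enabled on the box. If this loop is the only place the list is built (the rest of it is outside the hunk), a hidden template that still relaxes the box would no longer be shown or be switchable from the options window. I would skip a hidden template only when it is not in use on this box, and document that rule in a comment above the check. As a point of style, the two literal comparisons can be written as `if (Hide.compare("y", Qt::CaseInsensitive) == 0) continue;`.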
diff --git a/SandboxiePlus/SandMan/Windows/SettingsWindow.cpp b/SandboxiePlus/SandMan/Windows/SettingsWindow.cpp index eda446fe..9328b9ad 100644 --- a/SandboxiePlus/SandMan/Windows/SettingsWindow.cpp +++ b/SandboxiePlus/SandMan/Windows/SettingsWindow.cpp @@ -357,8 +357,18 @@ void CSettingsWindow::OnTab() QSharedPointer pTemplate = QSharedPointer(new CSbieIni("Template_" + I.key(), theAPI)); + QString Title = pTemplate->GetText("Tmpl.Title"); + if (Title.left(1) == "#") + { + int End = Title.mid(1).indexOf(","); + if (End == -1) End = Title.length() - 1; + int MsgNum = Title.mid(1, End).toInt(); + Title = theAPI->GetSbieMsgStr(MsgNum, theGUI->m_LanguageId).arg(Title.mid(End + 2)).arg(""); + } + //if (Title.isEmpty()) Title = Name; + QTreeWidgetItem* pItem = new QTreeWidgetItem(); - pItem->setText(0, pTemplate->GetText("Tmpl.Title")); + pItem->setText(0, Title); pItem->setData(0, Qt::UserRole, I.key()); pItem->setCheckState(0, (I.value() & CSbieTemplates::eDisabled) == 0 ? Qt::Checked : Qt::Unchecked); ui.treeCompat->addTopLevelItem(pItem); diff --git a/SandboxiePlus/version.h b/SandboxiePlus/version.h index 4979be2a..236df5c0 100644 --- a/SandboxiePlus/version.h +++ b/SandboxiePlus/version.h @@ -2,7 +2,7 @@ #define VERSION_MJR 0 #define VERSION_MIN 7 -#define VERSION_REV 4 +#define VERSION_REV 5 #define VERSION_UPD 0 #ifndef STR
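Review bot: The `#<number>,<text>` parsing of `Tmpl.Title` in OnTab takes whatever `toInt()` returns, so a malformed title silently becomes message number 0, and the fallback for an empty result is commented out. The rewrite below uses the `ok` out-parameter and keeps the raw title when the number does not parse or the lookup returns nothing. The chained `.arg(...).arg("")` also re-scans the text inserted by the first call, so a title tail containing `%1` would be consumed by the second; the multi-argument overload substitutes both markers in one pass. OnTab's body starts and ends outside the hunk.

```cpp
if (Title.left(1) == "#")
{
	// … unchanged: End computed from the first comma …
	bool bOk = false;
	int MsgNum = Title.mid(1, End).toInt(&bOk);
	if (bOk)
	{
		// multi-argument arg() substitutes both markers in one pass
		QString Msg = theAPI->GetSbieMsgStr(MsgNum, theGUI->m_LanguageId).arg(Title.mid(End + 2), QString());
		if (!Msg.isEmpty())
			Title = Msg; // otherwise keep the raw Tmpl.Title text
	}
}
```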