From f782bdb6df2d629f023733012b385955c5e389df Mon Sep 17 00:00:00 2001
From: offhub <6871698+offhub@users.noreply.github.com>
Date: Mon, 22 Jul 2024 17:49:57 +0300
Subject: [PATCH] fixes ui of job object limit restrictions
---
Sandboxie/core/dll/sbieapi.c | 4 +-
SandboxiePlus/SandMan/Forms/OptionsWindow.ui | 208 +++++++++++-------
.../SandMan/Windows/OptionsAdvanced.cpp | 65 +++++-
.../SandMan/Windows/OptionsGeneral.cpp | 11 -
4 files changed, 192 insertions(+), 96 deletions(-)
diff --git a/Sandboxie/core/dll/sbieapi.c b/Sandboxie/core/dll/sbieapi.c
index 66b52bc2..18b85a18 100644
--- a/Sandboxie/core/dll/sbieapi.c
+++ b/Sandboxie/core/dll/sbieapi.c
@@ -1477,7 +1477,7 @@ _FX BOOLEAN SbieApi_QueryConfBool(
//---------------------------------------------------------------------------
-// SbieApi_QueryConfBool
+// SbieApi_QueryConfNumber
//---------------------------------------------------------------------------
@@ -1507,7 +1507,7 @@ _FX ULONG SbieApi_QueryConfNumber(
//---------------------------------------------------------------------------
-// SbieApi_QueryConfBool
+// SbieApi_QueryConfNumber64
//---------------------------------------------------------------------------
diff --git a/SandboxiePlus/SandMan/Forms/OptionsWindow.ui b/SandboxiePlus/SandMan/Forms/OptionsWindow.ui
index 9f4ac0f3..558a077c 100644
--- a/SandboxiePlus/SandMan/Forms/OptionsWindow.ui
+++ b/SandboxiePlus/SandMan/Forms/OptionsWindow.ui
@@ -45,7 +45,7 @@
QTabWidget::North
- 3
+ 1
@@ -55,7 +55,7 @@
-
- 2
+ 0
@@ -1095,7 +1095,7 @@
-
- 4
+ 3
@@ -1579,6 +1579,71 @@
-
+
-
+
+
+ Qt::Vertical
+
+
+
+ 20
+ 40
+
+
+
+
+ -
+
+
+
+ 75
+ true
+ true
+
+
+
+ Protect the system from sandboxed processes
+
+
+ Limit restrictions
+
+
+
+ -
+
+
+
+ 125
+ 16777215
+
+
+
+ Leave it blank to disable the setting
+
+
+ unlimited
+
+
+
+ -
+
+
+
+ 0
+ 0
+
+
+
+
+ 16
+ 0
+
+
+
+
+
+
+
-
@@ -1586,7 +1651,30 @@
- -
+
-
+
+
+
+ 125
+ 16777215
+
+
+
+ Leave it blank to disable the setting
+
+
+ unlimited
+
+
+
+ -
+
+
+ Allow use of nested job objects (works on Windows 8 and later)
+
+
+
+ -
Add sandboxed processes to job objects (recommended)
@@ -1610,13 +1698,6 @@
- -
-
-
- Total Processes Memory Limit:
-
-
-
-
@@ -1624,35 +1705,7 @@
- -
-
-
- Leave it blank to disable the setting(Unit:KB)
-
-
-
- -
-
-
- Leave it blank to disable the setting(Unit:KB)
-
-
-
- -
-
-
- Leave it blank to disable the setting
-
-
-
- -
-
-
- Allow use of nested job objects (works on Windows 8 and later)
-
-
-
- -
+
-
Qt::Horizontal
@@ -1665,52 +1718,47 @@
- -
-
-
- Qt::Vertical
-
-
-
- 20
- 40
-
-
-
-
- -
-
-
-
- 0
- 0
-
-
-
-
- 16
- 0
-
-
+
-
+
-
+ bytes
- -
-
-
-
- 75
- true
- true
-
+
-
+
+
+
+ 125
+ 16777215
+
- Protect the system from sandboxed processes
+ Leave it blank to disable the setting
+
+ unlimited
+
+
+
+ -
+
- Limit restrictions
+ Total Processes Memory Limit:
+
+
+
+ -
+
+
+ bytes
+
+
+
+ -
+
+
+
@@ -5181,8 +5229,8 @@ instead of "*".
0
0
- 75
- 16
+ 98
+ 28
diff --git a/SandboxiePlus/SandMan/Windows/OptionsAdvanced.cpp b/SandboxiePlus/SandMan/Windows/OptionsAdvanced.cpp
index 848f37ce..253a64b1 100644
--- a/SandboxiePlus/SandMan/Windows/OptionsAdvanced.cpp
+++ b/SandboxiePlus/SandMan/Windows/OptionsAdvanced.cpp
@@ -17,6 +17,11 @@ void COptionsWindow::CreateAdvanced()
connect(ui.chkElevateCreateProcessFix, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
connect(ui.chkNoWindowRename, SIGNAL(clicked(bool)), this, SLOT(OnNoWindowRename()));
connect(ui.chkNestedJobs, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
+
+ connect(ui.txtSingleMemory, SIGNAL(textChanged(const QString&)), this, SLOT(OnAdvancedChanged()));
+ connect(ui.txtTotalMemory, SIGNAL(textChanged(const QString&)), this, SLOT(OnAdvancedChanged()));
+ connect(ui.txtTotalNumber, SIGNAL(textChanged(const QString&)), this, SLOT(OnAdvancedChanged()));
+
connect(ui.chkUseSbieDeskHack, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
connect(ui.chkUseSbieWndStation, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
@@ -141,6 +146,18 @@ void COptionsWindow::LoadAdvanced()
ui.chkAddToJob->setChecked(!m_pBox->GetBool("NoAddProcessToJob", false));
ui.chkNestedJobs->setChecked(m_pBox->GetBool("AllowBoxedJobs", false));
+ qint64 iSingleMemory = m_pBox->GetNum64("ProcessMemoryLimit", 0);
+ if (iSingleMemory > 0x0LL && iSingleMemory <= 0x7FFFFFFFFFFFFFFFLL)
+ ui.txtSingleMemory->setText(QString::number(iSingleMemory));
+
+ qint64 iTotalMemory = m_pBox->GetNum64("TotalMemoryLimit", 0);
+ if (iTotalMemory > 0x0LL && iTotalMemory <= 0x7FFFFFFFFFFFFFFFLL)
+ ui.txtTotalMemory->setText(QString::number(iTotalMemory));
+
+ qint64 iTotalNumber = m_pBox->GetNum64("ProcessNumberLimit", 0);
+ if (iTotalNumber > 0x0LL && iTotalNumber <= 0xFFFFFFFFLL)
+ ui.txtTotalNumber->setText(QString::number(iTotalNumber));
+
ui.chkUseSbieDeskHack->setChecked(m_pBox->GetBool("UseSbieDeskHack", true));
ui.chkUseSbieWndStation->setChecked(m_pBox->GetBool("UseSbieWndStation", true));
@@ -380,6 +397,25 @@ void COptionsWindow::SaveAdvanced()
WriteAdvancedCheck(ui.chkAddToJob, "NoAddProcessToJob", "", "y");
WriteAdvancedCheck(ui.chkProtectSCM, "UnrestrictedSCM", "", "y");
WriteAdvancedCheck(ui.chkNestedJobs, "AllowBoxedJobs", "y", "");
+
+ qint64 iSingleMemory = !ui.txtSingleMemory->text().isEmpty() ? ui.txtSingleMemory->text().toLongLong() : -1;
+ if (iSingleMemory > 0x0LL && iSingleMemory <= 0x7FFFFFFFFFFFFFFFLL)
+ WriteText("ProcessMemoryLimit", QString::number(iSingleMemory));
+ else
+ m_pBox->DelValue("ProcessMemoryLimit");
+
+ qint64 iTotalMemory = !ui.txtTotalMemory->text().isEmpty() ? ui.txtTotalMemory->text().toLongLong() : -1;
+ if (iTotalMemory > 0x0LL && iTotalMemory <= 0x7FFFFFFFFFFFFFFFLL)
+ WriteText("TotalMemoryLimit", QString::number(iTotalMemory));
+ else
+ m_pBox->DelValue("TotalMemoryLimit");
+
+ qint64 iTotalNumber = !ui.txtTotalNumber->text().isEmpty() ? ui.txtTotalNumber->text().toLongLong() : -1;
+ if (iTotalNumber > 0x0LL && iTotalNumber <= 0xFFFFFFFFLL)
+ WriteText("ProcessNumberLimit", QString::number(iTotalNumber));
+ else
+ m_pBox->DelValue("ProcessNumberLimit");
+
WriteAdvancedCheck(ui.chkRestrictServices, "RunServicesAsSystem", "", "y");
WriteAdvancedCheck(ui.chkElevateRpcss, "RunRpcssAsSystem", "y", "");
WriteAdvancedCheck(ui.chkProtectSystem, "ExposeBoxedSystem", "", "y");
@@ -668,9 +704,32 @@ void COptionsWindow::UpdateJobOptions()
bool bUseJobObject = !IsAllWndOpen && ui.chkAddToJob->isChecked();
ui.chkNestedJobs->setEnabled(bUseJobObject);
- ui.lineSingleMemory->setEnabled(bUseJobObject);
- ui.lineTotalMemory->setEnabled(bUseJobObject);
- ui.lineTotalNumber->setEnabled(bUseJobObject);
+ qint64 iSingleMemory = ui.txtSingleMemory->text().toLongLong();
+ if (iSingleMemory == 0x0LL || iSingleMemory > 0x7FFFFFFFFFFFFFFFLL) {
+ ui.lblSingleMemory->setText(tr("bytes (unlimited)"));
+ }
+ else {
+ ui.lblSingleMemory->setText(tr("bytes (%1)").arg(FormatSize(iSingleMemory)));
+ }
+ ui.txtSingleMemory->setEnabled(bUseJobObject);
+
+ qint64 iTotalMemory = ui.txtTotalMemory->text().toLongLong();
+ if (iTotalMemory == 0x0LL || iTotalMemory > 0x7FFFFFFFFFFFFFFFLL) {
+ ui.lblTotalMemory->setText(tr("bytes (unlimited)"));
+ }
+ else {
+ ui.lblTotalMemory->setText(tr("bytes (%1)").arg(FormatSize(iTotalMemory)));
+ }
+ ui.txtTotalMemory->setEnabled(bUseJobObject);
+
+ qint64 iTotalNumber = ui.txtTotalNumber->text().toLongLong();
+ if (iTotalNumber == 0X0LL || iTotalNumber > 0xFFFFFFFFLL) {
+ ui.lblTotalNumber->setText(tr("unlimited"));
+ }
+ else {
+ ui.lblTotalNumber->setText("");
+ }
+ ui.txtTotalNumber->setEnabled(bUseJobObject);
}
void COptionsWindow::CheckOpenCOM()
diff --git a/SandboxiePlus/SandMan/Windows/OptionsGeneral.cpp b/SandboxiePlus/SandMan/Windows/OptionsGeneral.cpp
index c2bd7864..fe357174 100644
--- a/SandboxiePlus/SandMan/Windows/OptionsGeneral.cpp
+++ b/SandboxiePlus/SandMan/Windows/OptionsGeneral.cpp
@@ -282,10 +282,6 @@ void COptionsWindow::LoadGeneral()
ui.chkOpenSpooler->setChecked(m_pBox->GetBool("OpenPrintSpooler", false));
ui.chkPrintToFile->setChecked(m_pBox->GetBool("AllowSpoolerPrintToFile", false));
- ui.lineSingleMemory->setText(m_pBox->GetText("ProcessMemoryLimit", ""));
- ui.lineTotalMemory->setText(m_pBox->GetText("TotalMemoryLimit", ""));
- ui.lineTotalNumber->setText(m_pBox->GetText("TotalNumberLimit", ""));
-
//ui.chkOpenProtectedStorage->setChecked(m_pBox->GetBool("OpenProtectedStorage", false));
ui.chkOpenProtectedStorage->setChecked(m_BoxTemplates.contains("OpenProtectedStorage"));
ui.chkOpenCredentials->setChecked(!ui.chkOpenCredentials->isEnabled() || m_pBox->GetBool("OpenCredentials", false));
@@ -426,13 +422,6 @@ void COptionsWindow::SaveGeneral()
WriteAdvancedCheck(ui.chkOpenSpooler, "OpenPrintSpooler", "y", "");
WriteAdvancedCheck(ui.chkPrintToFile, "AllowSpoolerPrintToFile", "y", "");
- if (!ui.lineSingleMemory->text().isEmpty()) WriteText("ProcessMemoryLimit", ui.lineSingleMemory->text());
- else m_pBox->DelValue("ProcessMemoryLimit");
- if (!ui.lineTotalMemory->text().isEmpty()) WriteText("TotalMemoryLimit", ui.lineTotalMemory->text());
- else m_pBox->DelValue("TotalMemoryLimit");
- if (!ui.lineTotalNumber->text().isEmpty()) WriteText("ProcessNumberLimit", ui.lineTotalNumber->text());
- else m_pBox->DelValue("ProcessNumberLimit");
-
//WriteAdvancedCheck(ui.chkOpenProtectedStorage, "OpenProtectedStorage", "y", "");
SetTemplate("OpenProtectedStorage", ui.chkOpenProtectedStorage->isChecked());
if (ui.chkOpenCredentials->isEnabled())