love-code-yeyixiao 2024-06-22 19:37:41 +08:00
parent a88a83c8df
commit 9f57abf9c3
2 changed files with 261 additions and 235 deletions


@ -7,7 +7,7 @@
<x>0</x> <x>0</x>
<y>0</y> <y>0</y>
<width>835</width> <width>835</width>
<height>475</height> <height>575</height>
</rect> </rect>
</property> </property>
<property name="sizePolicy"> <property name="sizePolicy">
@ -45,7 +45,7 @@
<enum>QTabWidget::North</enum> <enum>QTabWidget::North</enum>
</property> </property>
<property name="currentIndex"> <property name="currentIndex">
<number>1</number> <number>9</number>
</property> </property>
<widget class="QWidget" name="tabGeneral"> <widget class="QWidget" name="tabGeneral">
<attribute name="title"> <attribute name="title">
@ -1095,7 +1095,7 @@
<item row="0" column="0"> <item row="0" column="0">
<widget class="QTabWidget" name="tabsSecurity"> <widget class="QTabWidget" name="tabsSecurity">
<property name="currentIndex"> <property name="currentIndex">
<number>3</number> <number>4</number>
</property> </property>
<widget class="QWidget" name="tabHarden"> <widget class="QWidget" name="tabHarden">
<attribute name="title"> <attribute name="title">
@ -1597,6 +1597,7 @@
<widget class="QLabel" name="lblJob"> <widget class="QLabel" name="lblJob">
<property name="font"> <property name="font">
<font> <font>
<weight>75</weight>
<bold>true</bold> <bold>true</bold>
<kerning>true</kerning> <kerning>true</kerning>
</font> </font>
@ -1700,6 +1701,7 @@
<widget class="QLabel" name="lblLimit"> <widget class="QLabel" name="lblLimit">
<property name="font"> <property name="font">
<font> <font>
<weight>75</weight>
<bold>true</bold> <bold>true</bold>
<kerning>true</kerning> <kerning>true</kerning>
</font> </font>
@ -1719,6 +1721,7 @@
<widget class="QWidget" name="tabPrivileges"> <widget class="QWidget" name="tabPrivileges">
<property name="font"> <property name="font">
<font> <font>
<weight>50</weight>
<bold>false</bold> <bold>false</bold>
<kerning>true</kerning> <kerning>true</kerning>
</font> </font>
@ -1726,146 +1729,153 @@
<attribute name="title"> <attribute name="title">
<string>Advanced Security</string> <string>Advanced Security</string>
</attribute> </attribute>
<layout class="QGridLayout" name="gridLayout_26"> <layout class="QGridLayout" name="gridLayout_2">
<item row="0" column="1"> <item row="0" column="0">
<layout class="QGridLayout" name="gridLayout_2"> <widget class="QLabel" name="lblPrivilege">
<item row="5" column="1" colspan="3"> <property name="font">
<widget class="QCheckBox" name="chkDropPrivileges"> <font>
<property name="text"> <weight>75</weight>
<string>Drop critical privileges from processes running with a SYSTEM token</string> <bold>true</bold>
</property> <kerning>true</kerning>
</widget> </font>
</item> </property>
<item row="9" column="2"> <property name="toolTip">
<spacer name="horizontalSpacer_13"> <string>Protect the sandbox integrity itself</string>
<property name="orientation"> </property>
<enum>Qt::Horizontal</enum> <property name="text">
</property> <string>Privilege isolation</string>
<property name="sizeHint" stdset="0"> </property>
<size> </widget>
<width>40</width> </item>
<height>20</height> <item row="1" column="1" colspan="2">
</size> <widget class="QCheckBox" name="chkProtectSCM">
</property> <property name="text">
</spacer> <string>Allow only privileged processes to access the Service Control Manager</string>
</item> </property>
<item row="1" column="1" colspan="3"> </widget>
<widget class="QCheckBox" name="chkProtectSCM"> </item>
<property name="text"> <item row="2" column="1" colspan="2">
<string>Allow only privileged processes to access the Service Control Manager</string> <widget class="QCheckBox" name="chkRestrictServices">
</property> <property name="text">
</widget> <string>Do not start sandboxed services using a system token (recommended)</string>
</item> </property>
<item row="8" column="2" colspan="2"> </widget>
<widget class="QLabel" name="label_74"> </item>
<property name="text"> <item row="3" column="1" colspan="2">
<string>Using a custom Sandboxie Token allows to isolate individual sandboxes from each other better, and it shows in the user column of task managers the name of the box a process belongs to. Some 3rd party security solutions may however have problems with custom tokens.</string> <widget class="QCheckBox" name="chkElevateRpcss">
</property> <property name="text">
<property name="wordWrap"> <string>Start the sandboxed RpcSs as a SYSTEM process (not recommended)</string>
<bool>true</bool> </property>
</property> </widget>
</widget> </item>
</item> <item row="4" column="1" colspan="2">
<item row="4" column="4"> <widget class="QCheckBox" name="chkProtectSystem">
<widget class="QLabel" name="label_65"> <property name="text">
<property name="font"> <string>Protect sandboxed SYSTEM processes from unprivileged processes</string>
<font> </property>
<bold>true</bold> </widget>
<kerning>true</kerning> </item>
</font> <item row="4" column="3">
</property> <widget class="QLabel" name="label_65">
<property name="text"> <property name="font">
<string>(Security Critical)</string> <font>
</property> <weight>75</weight>
</widget> <bold>true</bold>
</item> <kerning>true</kerning>
<item row="0" column="0"> </font>
<widget class="QLabel" name="lblPrivilege"> </property>
<property name="font"> <property name="text">
<font> <string>(Security Critical)</string>
<bold>true</bold> </property>
<kerning>true</kerning> </widget>
</font> </item>
</property> <item row="5" column="1" colspan="2">
<property name="toolTip"> <widget class="QCheckBox" name="chkDropPrivileges">
<string>Protect the sandbox integrity itself</string> <property name="text">
</property> <string>Drop critical privileges from processes running with a SYSTEM token</string>
<property name="text"> </property>
<string>Privilege isolation</string> </widget>
</property> </item>
</widget> <item row="5" column="3">
</item> <widget class="QLabel" name="label_64">
<item row="2" column="1" colspan="3"> <property name="font">
<widget class="QCheckBox" name="chkRestrictServices"> <font>
<property name="text"> <weight>75</weight>
<string>Do not start sandboxed services using a system token (recommended)</string> <bold>true</bold>
</property> <kerning>true</kerning>
</widget> </font>
</item> </property>
<item row="7" column="1" colspan="4"> <property name="text">
<widget class="QCheckBox" name="chkSbieLogon"> <string>(Security Critical)</string>
<property name="text"> </property>
<string>Use a Sandboxie login instead of an anonymous token</string> </widget>
</property> </item>
</widget> <item row="6" column="0">
</item> <widget class="QLabel" name="lblToken">
<item row="9" column="1"> <property name="font">
<spacer name="verticalSpacer"> <font>
<property name="orientation"> <weight>75</weight>
<enum>Qt::Vertical</enum> <bold>true</bold>
</property> <kerning>true</kerning>
<property name="sizeHint" stdset="0"> </font>
<size> </property>
<width>20</width> <property name="toolTip">
<height>5</height> <string>Protect the sandbox integrity itself</string>
</size> </property>
</property> <property name="text">
</spacer> <string>Sandboxie token</string>
</item> </property>
<item row="3" column="1" colspan="3"> </widget>
<widget class="QCheckBox" name="chkElevateRpcss"> </item>
<property name="text"> <item row="7" column="1" colspan="2">
<string>Start the sandboxed RpcSs as a SYSTEM process (not recommended)</string> <widget class="QCheckBox" name="chkSbieLogon">
</property> <property name="text">
</widget> <string>Use a Sandboxie login instead of an anonymous token</string>
</item> </property>
<item row="4" column="1" colspan="3"> </widget>
<widget class="QCheckBox" name="chkProtectSystem"> </item>
<property name="text"> <item row="8" column="2">
<string>Protect sandboxed SYSTEM processes from unprivileged processes</string> <widget class="QLabel" name="label_74">
</property> <property name="text">
</widget> <string>Using a custom Sandboxie Token allows to isolate individual sandboxes from each other better, and it shows in the user column of task managers the name of the box a process belongs to. Some 3rd party security solutions may however have problems with custom tokens.</string>
</item> </property>
<item row="5" column="4"> <property name="wordWrap">
<widget class="QLabel" name="label_64"> <bool>true</bool>
<property name="font"> </property>
<font> </widget>
<bold>true</bold> </item>
<kerning>true</kerning> <item row="9" column="1" colspan="2">
</font> <widget class="QCheckBox" name="chkCreateToken">
</property> <property name="text">
<property name="text"> <string>Create a new sandboxed token instead of setting down default token</string>
<string>(Security Critical)</string> </property>
</property> </widget>
</widget> </item>
</item> <item row="10" column="1">
<item row="6" column="0" colspan="2"> <spacer name="verticalSpacer">
<widget class="QLabel" name="lblToken"> <property name="orientation">
<property name="font"> <enum>Qt::Vertical</enum>
<font> </property>
<bold>true</bold> <property name="sizeHint" stdset="0">
<kerning>true</kerning> <size>
</font> <width>20</width>
</property> <height>185</height>
<property name="toolTip"> </size>
<string>Protect the sandbox integrity itself</string> </property>
</property> </spacer>
<property name="text"> </item>
<string>Sandboxie token</string> <item row="10" column="2">
</property> <spacer name="horizontalSpacer_13">
</widget> <property name="orientation">
</item> <enum>Qt::Horizontal</enum>
</layout> </property>
<property name="sizeHint" stdset="0">
<size>
<width>457</width>
<height>20</height>
</size>
</property>
</spacer>
</item> </item>
</layout> </layout>
</widget> </widget>
@ -4042,6 +4052,7 @@ The process match level has a higher priority than the specificity and describes
<widget class="QTabWidget" name="tabsOther"> <widget class="QTabWidget" name="tabsOther">
<property name="font"> <property name="font">
<font> <font>
<weight>50</weight>
<bold>false</bold> <bold>false</bold>
<kerning>true</kerning> <kerning>true</kerning>
</font> </font>
@ -4053,94 +4064,98 @@ The process match level has a higher priority than the specificity and describes
<attribute name="title"> <attribute name="title">
<string>Compatibility</string> <string>Compatibility</string>
</attribute> </attribute>
<layout class="QGridLayout" name="gridLayout_63"> <layout class="QGridLayout" name="gridLayout_26">
<item row="0" column="0"> <item row="0" column="1">
<layout class="QGridLayout" name="gridLayout_62"> <widget class="QCheckBox" name="chkNoPanic">
<item row="3" column="1"> <property name="toolTip">
<widget class="QCheckBox" name="chkElevateCreateProcessFix"> <string>When the global hotkey is pressed 3 times in short succession this exception will be ignored.</string>
<property name="text"> </property>
<string>Apply ElevateCreateProcess Workaround (legacy behaviour)</string> <property name="text">
</property> <string>Exclude this sandbox from being terminated when &quot;Terminate All Processes&quot; is invoked.</string>
</widget> </property>
</item> </widget>
<item row="0" column="1"> </item>
<widget class="QCheckBox" name="chkNoPanic"> <item row="1" column="0">
<property name="toolTip"> <widget class="QLabel" name="lblCompatibility">
<string>When the global hotkey is pressed 3 times in short succession this exception will be ignored.</string> <property name="font">
</property> <font>
<property name="text"> <weight>75</weight>
<string>Exclude this sandbox from being terminated when &quot;Terminate All Processes&quot; is invoked.</string> <bold>true</bold>
</property> <kerning>true</kerning>
</widget> </font>
</item> </property>
<item row="6" column="1"> <property name="text">
<widget class="QCheckBox" name="chkComTimeout"> <string>Compatibility</string>
<property name="text"> </property>
<string>Disable the use of RpcMgmtSetComTimeout by default (this may resolve compatibility issues)</string> </widget>
</property> </item>
</widget> <item row="2" column="1">
</item> <widget class="QCheckBox" name="chkPreferExternalManifest">
<item row="4" column="1"> <property name="text">
<widget class="QCheckBox" name="chkUseSbieDeskHack"> <string>Force usage of custom dummy Manifest files (legacy behaviour)</string>
<property name="text"> </property>
<string>Use desktop object workaround for all processes</string> </widget>
</property> </item>
</widget> <item row="3" column="1">
</item> <widget class="QCheckBox" name="chkElevateCreateProcessFix">
<item row="7" column="0"> <property name="text">
<spacer name="verticalSpacer_28"> <string>Apply ElevateCreateProcess Workaround (legacy behaviour)</string>
<property name="orientation"> </property>
<enum>Qt::Vertical</enum> </widget>
</property> </item>
<property name="sizeHint" stdset="0"> <item row="4" column="1">
<size> <widget class="QCheckBox" name="chkUseSbieDeskHack">
<width>20</width> <property name="text">
<height>40</height> <string>Use desktop object workaround for all processes</string>
</size> </property>
</property> </widget>
</spacer> </item>
</item> <item row="5" column="1">
<item row="1" column="0"> <widget class="QCheckBox" name="chkUseSbieWndStation">
<widget class="QLabel" name="lblCompatibility"> <property name="text">
<property name="font"> <string>Emulate sandboxed window station for all processes</string>
<font> </property>
<bold>true</bold> </widget>
<kerning>true</kerning> </item>
</font> <item row="6" column="1">
</property> <widget class="QCheckBox" name="chkComTimeout">
<property name="text"> <property name="text">
<string>Compatibility</string> <string>Disable the use of RpcMgmtSetComTimeout by default (this may resolve compatibility issues)</string>
</property> </property>
</widget> </widget>
</item> </item>
<item row="2" column="1"> <item row="7" column="1">
<widget class="QCheckBox" name="chkPreferExternalManifest"> <widget class="QCheckBox" name="chkForceRestart">
<property name="text"> <property name="text">
<string>Force usage of custom dummy Manifest files (legacy behaviour)</string> <string>Restart force process before they begin to execute</string>
</property> </property>
</widget> </widget>
</item> </item>
<item row="5" column="1"> <item row="8" column="0">
<widget class="QCheckBox" name="chkUseSbieWndStation"> <spacer name="verticalSpacer_28">
<property name="text"> <property name="orientation">
<string>Emulate sandboxed window station for all processes</string> <enum>Qt::Vertical</enum>
</property> </property>
</widget> <property name="sizeHint" stdset="0">
</item> <size>
<item row="7" column="1"> <width>20</width>
<spacer name="horizontalSpacer_12"> <height>263</height>
<property name="orientation"> </size>
<enum>Qt::Horizontal</enum> </property>
</property> </spacer>
<property name="sizeHint" stdset="0"> </item>
<size> <item row="8" column="1">
<width>40</width> <spacer name="horizontalSpacer_12">
<height>20</height> <property name="orientation">
</size> <enum>Qt::Horizontal</enum>
</property> </property>
</spacer> <property name="sizeHint" stdset="0">
</item> <size>
</layout> <width>667</width>
<height>20</height>
</size>
</property>
</spacer>
</item> </item>
</layout> </layout>
</widget> </widget>
@ -5076,8 +5091,8 @@ instead of &quot;*&quot;.</string>
<rect> <rect>
<x>0</x> <x>0</x>
<y>0</y> <y>0</y>
<width>98</width> <width>75</width>
<height>28</height> <height>16</height>
</rect> </rect>
</property> </property>
<layout class="QGridLayout" name="dbgLayout"> <layout class="QGridLayout" name="dbgLayout">
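Review bot: The two `currentIndex` changes (from `1` to `9` on the tab widget that contains `tabGeneral`, and from `3` to `4` on `tabsSecurity`) look like Qt Designer state saved along with the real edit and should probably be reverted, unless the dialog resets the index at runtime. The new `chkCreateToken` checkbox sits on the Advanced Security page under the "Sandboxie token" heading, yet it has no `toolTip` and its label "Create a new sandboxed token instead of setting down default token" is hard to parse. If the intended meaning is a token built from scratch rather than a restricted copy of the default one, a label such as `Create a new sandbox token instead of restricting the default token` plus a tooltip stating the compatibility trade-off would serve users better. Likewise the `chkForceRestart` label "Restart force process before they begin to execute" could read `Restart forced processes before they begin to execute`.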


@ -30,6 +30,8 @@ void COptionsWindow::CreateAdvanced()
connect(ui.chkOpenCOM, SIGNAL(clicked(bool)), this, SLOT(OnOpenCOM())); connect(ui.chkOpenCOM, SIGNAL(clicked(bool)), this, SLOT(OnOpenCOM()));
connect(ui.chkComTimeout, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged())); connect(ui.chkComTimeout, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
connect(ui.chkForceRestart, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
connect(ui.chkNoSecurityIsolation, SIGNAL(clicked(bool)), this, SLOT(OnIsolationChanged())); connect(ui.chkNoSecurityIsolation, SIGNAL(clicked(bool)), this, SLOT(OnIsolationChanged()));
connect(ui.chkNoSecurityFiltering, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged())); connect(ui.chkNoSecurityFiltering, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
@ -39,7 +41,7 @@ void COptionsWindow::CreateAdvanced()
connect(ui.chkOpenLsaEndpoint, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged())); connect(ui.chkOpenLsaEndpoint, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
connect(ui.chkSbieLogon, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged())); connect(ui.chkSbieLogon, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
connect(ui.chkCreateToken, SIGNAL(clicked(bool)), this, SLOT(OnAdvancedChanged()));
m_AdvOptions.insert("UseWin32kHooks", SAdvOption{eSpec, QStringList() << "y" << "n", tr("Enable the use of win32 hooks for selected processes. Note: You need to enable win32k syscall hook support globally first.")}); m_AdvOptions.insert("UseWin32kHooks", SAdvOption{eSpec, QStringList() << "y" << "n", tr("Enable the use of win32 hooks for selected processes. Note: You need to enable win32k syscall hook support globally first.")});
m_AdvOptions.insert("EnableMiniDump", SAdvOption{eSpec, QStringList() << "y" << "n", tr("Enable crash dump creation in the sandbox folder")}); m_AdvOptions.insert("EnableMiniDump", SAdvOption{eSpec, QStringList() << "y" << "n", tr("Enable crash dump creation in the sandbox folder")});
@ -142,6 +144,8 @@ void COptionsWindow::LoadAdvanced()
ui.chkProtectSystem->setChecked(!m_pBox->GetBool("ExposeBoxedSystem", false)); ui.chkProtectSystem->setChecked(!m_pBox->GetBool("ExposeBoxedSystem", false));
ui.chkDropPrivileges->setChecked(m_pBox->GetBool("StripSystemPrivileges", true)); ui.chkDropPrivileges->setChecked(m_pBox->GetBool("StripSystemPrivileges", true));
ui.chkForceRestart->setChecked(m_pBox->GetBool("ForceRestartAll", false));
CheckOpenCOM(); CheckOpenCOM();
ui.chkComTimeout->setChecked(!m_pBox->GetBool("RpcMgmtSetComTimeout", true)); ui.chkComTimeout->setChecked(!m_pBox->GetBool("RpcMgmtSetComTimeout", true));
@ -373,6 +377,8 @@ void COptionsWindow::SaveAdvanced()
WriteAdvancedCheck(ui.chkComTimeout, "RpcMgmtSetComTimeout", "n", ""); WriteAdvancedCheck(ui.chkComTimeout, "RpcMgmtSetComTimeout", "n", "");
WriteAdvancedCheck(ui.chkForceRestart, "ForceRestartAll", "y", "");
WriteAdvancedCheck(ui.chkNoSecurityIsolation, "NoSecurityIsolation", "y", ""); WriteAdvancedCheck(ui.chkNoSecurityIsolation, "NoSecurityIsolation", "y", "");
WriteAdvancedCheck(ui.chkNoSecurityFiltering, "NoSecurityFiltering", "y", ""); WriteAdvancedCheck(ui.chkNoSecurityFiltering, "NoSecurityFiltering", "y", "");
@ -426,6 +432,9 @@ void COptionsWindow::SaveAdvanced()
bool bGlobalSbieLogon = m_pBox->GetAPI()->GetGlobalSettings()->GetBool("SandboxieLogon", false); bool bGlobalSbieLogon = m_pBox->GetAPI()->GetGlobalSettings()->GetBool("SandboxieLogon", false);
WriteAdvancedCheck(ui.chkSbieLogon, "SandboxieLogon", bGlobalSbieLogon ? "" : "y", bGlobalSbieLogon ? "n" : ""); WriteAdvancedCheck(ui.chkSbieLogon, "SandboxieLogon", bGlobalSbieLogon ? "" : "y", bGlobalSbieLogon ? "n" : "");
bool bGlobalSandboxGroup = m_pBox->GetAPI()->GetGlobalSettings()->GetBool("SandboxieAllGroup", false);
WriteAdvancedCheck(ui.chkCreateToken, "UseCreateToken", bGlobalSandboxGroup ? "" : "y", "");
SaveOptionList(); SaveOptionList();
bool bGlobalNoMon = m_pBox->GetAPI()->GetGlobalSettings()->GetBool("DisableResourceMonitor", false); bool bGlobalNoMon = m_pBox->GetAPI()->GetGlobalSettings()->GetBool("DisableResourceMonitor", false);
@ -595,14 +604,16 @@ void COptionsWindow::UpdateBoxIsolation()
ui.chkNoOpenForBox->setEnabled(!ui.chkNoSecurityIsolation->isChecked()); ui.chkNoOpenForBox->setEnabled(!ui.chkNoSecurityIsolation->isChecked());
ui.chkSbieLogon->setEnabled(!ui.chkNoSecurityIsolation->isChecked()); ui.chkSbieLogon->setEnabled(!ui.chkNoSecurityIsolation->isChecked());
ui.chkCreateToken->setEnabled(!ui.chkNoSecurityIsolation->isChecked());
if (ui.chkNoSecurityIsolation->isChecked()) { if (ui.chkNoSecurityIsolation->isChecked()) {
ui.chkCloseForBox->setChecked(false); ui.chkCloseForBox->setChecked(false);
ui.chkNoOpenForBox->setChecked(false); ui.chkNoOpenForBox->setChecked(false);
ui.chkSbieLogon->setChecked(false); ui.chkSbieLogon->setChecked(false);
ui.chkCreateToken->setChecked(false)
} }
else { else {
ReadGlobalCheck(ui.chkSbieLogon, "SandboxieLogon", false); ReadGlobalCheck(ui.chkSbieLogon, "SandboxieLogon", false);
ReadGlobalCheck(ui.chkCreateToken, "UseCreateToken", false);
} }
} }
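Review bot: The added line `ui.chkCreateToken->setChecked(false)` in the UpdateBoxIsolation hunk has no terminating semicolon, so the file will not compile as committed; it should read `ui.chkCreateToken->setChecked(false);`. In the second SaveAdvanced hunk, the new code consults the global key `SandboxieAllGroup` but writes the per-box key `UseCreateToken`, and when that global is true both the checked and unchecked values passed to WriteAdvancedCheck are `""`. The checkbox state then apparently cannot be persisted, whereas the neighbouring `SandboxieLogon` line passes `"n"` as the unchecked value for exactly that case. UpdateBoxIsolation also reads `UseCreateToken` through ReadGlobalCheck, which looks inconsistent with the key consulted on save, and no `chkCreateToken` load appears in the visible LoadAdvanced hunk. The helper bodies and the rest of these functions are outside the hunks, so the persistence behaviour is inferred from the call pattern and worth confirming, since this option changes how the sandbox token is created.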