Merge pull request #3671 from love-code-yeyixiao/BlockControlShutdown

Prevents processes from interfering with system power operations
DavidXanatos 2024-03-03 13:47:21 +01:00 committed by GitHub
commit a7f0944039
GPG Key ID: B5690EEEBB952194
6 changed files with 77 additions and 5 deletions


@ -385,6 +385,7 @@ _FX BOOLEAN Gui_Init(HMODULE module)
GUI_IMPORT___(GetDC) GUI_IMPORT___(GetDC)
GUI_IMPORT___(GetDCEx) GUI_IMPORT___(GetDCEx)
GUI_IMPORT___(GetWindowThreadProcessId); GUI_IMPORT___(GetWindowThreadProcessId);
GUI_IMPORT___(SetThreadExecutionState);
GUI_IMPORT___(SetThreadDesktop); GUI_IMPORT___(SetThreadDesktop);
GUI_IMPORT___(SwitchDesktop); GUI_IMPORT___(SwitchDesktop);
GUI_IMPORT___(UserHandleGrantAccess); GUI_IMPORT___(UserHandleGrantAccess);
@ -509,6 +510,7 @@ _FX BOOLEAN Gui_Init(HMODULE module)
GUI_IMPORT_AW(PostMessage); GUI_IMPORT_AW(PostMessage);
GUI_IMPORT_AW(PostThreadMessage); GUI_IMPORT_AW(PostThreadMessage);
GUI_IMPORT_AW(DispatchMessage); GUI_IMPORT_AW(DispatchMessage);
GUI_IMPORT___(ShutdownBlockReasonCreate)
GUI_IMPORT_AW(SetWindowsHookEx); GUI_IMPORT_AW(SetWindowsHookEx);
GUI_IMPORT___(UnhookWindowsHookEx); GUI_IMPORT___(UnhookWindowsHookEx);
@ -1601,6 +1603,13 @@ _FX LRESULT Gui_WindowProcW(
if (uMsg == WM_CREATE) if (uMsg == WM_CREATE)
Gui_ProtectScreen(hWnd); Gui_ProtectScreen(hWnd);
if (uMsg == WM_QUERYENDSESSION)
{
if (SbieApi_QueryConfBool(NULL, "BlockInterferePower", FALSE)) {
return TRUE;
}
}
wndproc = __sys_GetPropW(hWnd, (LPCWSTR)Gui_WindowProcOldW_Atom); wndproc = __sys_GetPropW(hWnd, (LPCWSTR)Gui_WindowProcOldW_Atom);
if (DLL_IMAGE_OFFICE_EXCEL == Dll_ImageType) { if (DLL_IMAGE_OFFICE_EXCEL == Dll_ImageType) {
@ -1658,7 +1667,12 @@ _FX LRESULT Gui_WindowProcA(
if (uMsg == WM_CREATE) if (uMsg == WM_CREATE)
Gui_ProtectScreen(hWnd); Gui_ProtectScreen(hWnd);
if (uMsg == WM_QUERYENDSESSION)
{
if (SbieApi_QueryConfBool(NULL, "BlockInterferePower", FALSE)) {
return TRUE;
}
}
wndproc = __sys_GetPropW(hWnd, (LPCWSTR)Gui_WindowProcOldA_Atom); wndproc = __sys_GetPropW(hWnd, (LPCWSTR)Gui_WindowProcOldA_Atom);
lResult = __sys_CallWindowProcA(wndproc, hWnd, uMsg, wParam, new_lParam); lResult = __sys_CallWindowProcA(wndproc, hWnd, uMsg, wParam, new_lParam);
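Review bot: `GUI_IMPORT___(SetThreadExecutionState);` in Gui_Init resolves a function that Windows exports from kernel32.dll, not user32.dll, while the imports around it are user32 entry points. The macro definition is outside these hunks, but if it looks the name up in the `module` passed to Gui_Init, `__sys_SetThreadExecutionState` would be NULL, and the hook in Gui_InitMisc would either fail to install or forward to a null pointer whenever `BlockInterferePower` is off. I would resolve it from the kernel32 handle, or at least guard the hook with `if (__sys_SetThreadExecutionState)`. Separately, the `return TRUE;` added for `WM_QUERYENDSESSION` in Gui_WindowProcW and Gui_WindowProcA skips the application's own procedure, so a comment such as `// BlockInterferePower: answer on the app's behalf; its handler never sees the query` would make that trade-off explicit. Both window procedures start and end outside the hunks shown.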


@ -420,6 +420,10 @@ typedef HDC(*P_GetDCEx)(HWND hWnd,HRGN hrgnClip,DWORD flags);
typedef BOOL (*P_PrintWindow)(HWND hwnd,HDC hdcBlt,UINT nFlags); typedef BOOL (*P_PrintWindow)(HWND hwnd,HDC hdcBlt,UINT nFlags);
typedef BOOL (*P_ShutdownBlockReasonCreate)(HWND hWnd,LPCWSTR pwszReason);
typedef EXECUTION_STATE (*P_SetThreadExecutionState)(EXECUTION_STATE esFlags);
typedef BOOL (*P_SetThreadDesktop)(HDESK hDesktop); typedef BOOL (*P_SetThreadDesktop)(HDESK hDesktop);
typedef BOOL (*P_SwitchDesktop)(HDESK hDesktop); typedef BOOL (*P_SwitchDesktop)(HDESK hDesktop);
@ -571,6 +575,8 @@ GUI_SYS_VAR(IsZoomed)
GUI_SYS_VAR_2(SendMessage) GUI_SYS_VAR_2(SendMessage)
GUI_SYS_VAR_2(SendMessageTimeout) GUI_SYS_VAR_2(SendMessageTimeout)
//GUI_SYS_VAR_2(SendMessageCallback) //GUI_SYS_VAR_2(SendMessageCallback)
GUI_SYS_VAR(ShutdownBlockReasonCreate)
GUI_SYS_VAR(SetThreadExecutionState)
GUI_SYS_VAR_2(SendNotifyMessage) GUI_SYS_VAR_2(SendNotifyMessage)
GUI_SYS_VAR_2(PostMessage) GUI_SYS_VAR_2(PostMessage)
GUI_SYS_VAR_2(PostThreadMessage) GUI_SYS_VAR_2(PostThreadMessage)


@ -107,6 +107,14 @@ static HDC Gui_GetDCEx(HWND hWnd, HRGN hrgnClip, DWORD flags);
static BOOL Gui_PrintWindow(HWND hwnd,HDC hdcBlt,UINT nFlags); static BOOL Gui_PrintWindow(HWND hwnd,HDC hdcBlt,UINT nFlags);
static BOOL Gui_ShutdownBlockReasonCreate(
HWND hWnd,
LPCWSTR pwszReason
);
static EXECUTION_STATE Gui_SetThreadExecutionState(
EXECUTION_STATE esFlags
);
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
@ -189,6 +197,8 @@ _FX BOOLEAN Gui_InitMisc(HMODULE module)
SBIEDLL_HOOK_GUI(GetDC); SBIEDLL_HOOK_GUI(GetDC);
SBIEDLL_HOOK_GUI(GetDCEx); SBIEDLL_HOOK_GUI(GetDCEx);
SBIEDLL_HOOK_GUI(PrintWindow); SBIEDLL_HOOK_GUI(PrintWindow);
SBIEDLL_HOOK_GUI(ShutdownBlockReasonCreate);
SBIEDLL_HOOK_GUI(SetThreadExecutionState);
if (Dll_OsBuild >= 6000) { if (Dll_OsBuild >= 6000) {
// //
@ -1573,3 +1583,27 @@ _FX BOOL Gui_PrintWindow(HWND hwnd, HDC hdcBlt, UINT nFlags)
} }
return __sys_PrintWindow(hwnd, hdcBlt, nFlags); return __sys_PrintWindow(hwnd, hdcBlt, nFlags);
} }
//---------------------------------------------------------------------------
// Gui_ShutdownBlockReasonCreate
//---------------------------------------------------------------------------
_FX BOOL Gui_ShutdownBlockReasonCreate(
HWND hWnd,
LPCWSTR pwszReason
) {
if (SbieApi_QueryConfBool(NULL, "BlockInterferePower", FALSE)) {
SetLastError(ERROR_ACCESS_DENIED);
return 0;
}
return __sys_ShutdownBlockReasonCreate(hWnd, pwszReason);
}
_FX EXECUTION_STATE Gui_SetThreadExecutionState(
EXECUTION_STATE esFlags
) {
if (SbieApi_QueryConfBool(NULL, "BlockInterferePower", FALSE)) {
SetLastError(ERROR_ACCESS_DENIED);
return 0;
}
return __sys_SetThreadExecutionState(esFlags);
}
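Review bot: Gui_ShutdownBlockReasonCreate and Gui_SetThreadExecutionState both run inside the sandboxed process, so `BlockInterferePower` only constrains callers that reach these APIs through the hooked exports; nothing visible on this page enforces the setting outside the process. The header comment should state that, e.g. `// In-process hook: covers callers of the hooked export only, not a hard isolation boundary`. Coverage is also limited to these two functions, while the power-request API (`PowerCreateRequest`/`PowerSetRequest`) serves the same purpose as SetThreadExecutionState and is not hooked in any hunk here, so it probably needs the same treatment. Gui_SetThreadExecutionState also lacks the `//---` banner that Gui_ShutdownBlockReasonCreate gets.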


@ -736,7 +736,21 @@
</property> </property>
</widget> </widget>
</item> </item>
<item row="9" column="1"> <item row="9" column="2">
<widget class="QCheckBox" name="chkOpenCredentials">
<property name="text">
<string>Open Windows Credentials Store (user mode)</string>
</property>
</widget>
</item>
<item row="10" column="1" colspan="2">
<widget class="QCheckBox" name="chkCloseClipBoard">
<property name="text">
<string>Block read access to the clipboard</string>
</property>
</widget>
</item>
<item row="11" column="1">
<widget class="QLabel" name="label_39"> <widget class="QLabel" name="label_39">
<property name="minimumSize"> <property name="minimumSize">
<size> <size>
@ -775,10 +789,10 @@
</property> </property>
</spacer> </spacer>
</item> </item>
<item row="11" column="1" colspan="2"> <item row="14" column="1" colspan="2">
<widget class="QCheckBox" name="chkVmRead"> <widget class="QCheckBox" name="chkBlockCapture">
<property name="text"> <property name="text">
<string>Allow to read memory of unsandboxed processes (not recommended)</string> <string>Prevents an in-sandbox process from performing cross-sandbox window image manipulation.</string>
</property> </property>
</widget> </widget>
</item> </item>


@ -522,6 +522,7 @@ void COptionsWindow::UpdateBoxIsolation()
ui.chkVmRead->setEnabled(!ui.chkNoSecurityIsolation->isChecked()); ui.chkVmRead->setEnabled(!ui.chkNoSecurityIsolation->isChecked());
ui.chkBlockCapture->setEnabled(!ui.chkNoSecurityIsolation->isChecked()); ui.chkBlockCapture->setEnabled(!ui.chkNoSecurityIsolation->isChecked());
ui.chkProtectPower->setEnabled(!ui.chkNoSecurityIsolation->isChecked());
ui.chkCloseForBox->setEnabled(!ui.chkNoSecurityIsolation->isChecked()); ui.chkCloseForBox->setEnabled(!ui.chkNoSecurityIsolation->isChecked());
ui.chkNoOpenForBox->setEnabled(!ui.chkNoSecurityIsolation->isChecked()); ui.chkNoOpenForBox->setEnabled(!ui.chkNoSecurityIsolation->isChecked());


@ -167,6 +167,7 @@ void COptionsWindow::CreateGeneral()
connect(ui.chkOpenCredentials, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged())); connect(ui.chkOpenCredentials, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
connect(ui.chkCloseClipBoard, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged())); connect(ui.chkCloseClipBoard, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
connect(ui.chkBlockCapture, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged())); connect(ui.chkBlockCapture, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
connect(ui.chkProtectPower, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
connect(ui.chkVmRead, SIGNAL(clicked(bool)), this, SLOT(OnVmRead())); connect(ui.chkVmRead, SIGNAL(clicked(bool)), this, SLOT(OnVmRead()));
connect(ui.chkVmReadNotify, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged())); connect(ui.chkVmReadNotify, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
//connect(ui.chkOpenSmartCard, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged())); //connect(ui.chkOpenSmartCard, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
@ -284,6 +285,7 @@ void COptionsWindow::LoadGeneral()
ui.chkOpenCredentials->setChecked(!ui.chkOpenCredentials->isEnabled() || m_pBox->GetBool("OpenCredentials", false)); ui.chkOpenCredentials->setChecked(!ui.chkOpenCredentials->isEnabled() || m_pBox->GetBool("OpenCredentials", false));
ui.chkCloseClipBoard->setChecked(!m_pBox->GetBool("OpenClipboard", true)); ui.chkCloseClipBoard->setChecked(!m_pBox->GetBool("OpenClipboard", true));
ui.chkBlockCapture->setChecked(m_pBox->GetBool("IsBlockCapture", false)); ui.chkBlockCapture->setChecked(m_pBox->GetBool("IsBlockCapture", false));
ui.chkProtectPower->setChecked(m_pBox->GetBool("BlockInterferePower", false));
ui.chkVmReadNotify->setChecked(m_pBox->GetBool("NotifyProcessAccessDenied", false)); ui.chkVmReadNotify->setChecked(m_pBox->GetBool("NotifyProcessAccessDenied", false));
//ui.chkOpenSmartCard->setChecked(m_pBox->GetBool("OpenSmartCard", true)); //ui.chkOpenSmartCard->setChecked(m_pBox->GetBool("OpenSmartCard", true));
//ui.chkOpenBluetooth->setChecked(m_pBox->GetBool("OpenBluetooth", false)); //ui.chkOpenBluetooth->setChecked(m_pBox->GetBool("OpenBluetooth", false));
@ -419,6 +421,7 @@ void COptionsWindow::SaveGeneral()
WriteAdvancedCheck(ui.chkOpenCredentials, "OpenCredentials", "y", ""); WriteAdvancedCheck(ui.chkOpenCredentials, "OpenCredentials", "y", "");
WriteAdvancedCheck(ui.chkCloseClipBoard, "OpenClipboard", "n", ""); WriteAdvancedCheck(ui.chkCloseClipBoard, "OpenClipboard", "n", "");
WriteAdvancedCheck(ui.chkBlockCapture, "IsBlockCapture", "y", "n"); WriteAdvancedCheck(ui.chkBlockCapture, "IsBlockCapture", "y", "n");
WriteAdvancedCheck(ui.chkProtectPower, "BlockInterferePower", "y", "n");
WriteAdvancedCheck(ui.chkVmReadNotify, "NotifyProcessAccessDenied", "y", ""); WriteAdvancedCheck(ui.chkVmReadNotify, "NotifyProcessAccessDenied", "y", "");
//WriteAdvancedCheck(ui.chkOpenSmartCard, "OpenSmartCard", "", "n"); //WriteAdvancedCheck(ui.chkOpenSmartCard, "OpenSmartCard", "", "n");
//WriteAdvancedCheck(ui.chkOpenBluetooth, "OpenBluetooth", "y", ""); //WriteAdvancedCheck(ui.chkOpenBluetooth, "OpenBluetooth", "y", "");