Merge pull request #3736 from love-code-yeyixiao/master

Add an option to force the protection of an encrypted sandbox to be enabled.
DavidXanatos 2024-03-24 09:48:16 +01:00 committed by GitHub
commit b91daec2a1
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
6 changed files with 173 additions and 152 deletions


@ -95,7 +95,7 @@ _FX BOOLEAN Gui_InitTitle(HMODULE module)
// hook functions // hook functions
// //
if (! Gui_DisableTitle) { if (! Gui_DisableTitle||SbieApi_QueryConfBool(NULL,"NoTitle",FALSE)) {
SBIEDLL_HOOK_GUI(GetWindowTextW); SBIEDLL_HOOK_GUI(GetWindowTextW);
SBIEDLL_HOOK_GUI(GetWindowTextA); SBIEDLL_HOOK_GUI(GetWindowTextA);
@ -291,7 +291,6 @@ _FX int Gui_FixTitleW(HWND hWnd, WCHAR *lpWindowTitle, int len)
{ {
if (len >= (int)Gui_TitleSuffixW_len * 2 && if (len >= (int)Gui_TitleSuffixW_len * 2 &&
Gui_ShouldCreateTitle(hWnd)) { Gui_ShouldCreateTitle(hWnd)) {
if (wmemcmp(lpWindowTitle, &Gui_TitleSuffixW[1], 3) == 0) { if (wmemcmp(lpWindowTitle, &Gui_TitleSuffixW[1], 3) == 0) {
len -= 4; len -= 4;
wmemmove(lpWindowTitle, lpWindowTitle + 4, len); wmemmove(lpWindowTitle, lpWindowTitle + 4, len);
@ -326,7 +325,6 @@ _FX int Gui_FixTitleA(HWND hWnd, UCHAR *lpWindowTitle, int len)
{ {
if (len >= (int)Gui_TitleSuffixA_len * 2 && if (len >= (int)Gui_TitleSuffixA_len * 2 &&
Gui_ShouldCreateTitle(hWnd)) { Gui_ShouldCreateTitle(hWnd)) {
if (memcmp(lpWindowTitle, &Gui_TitleSuffixA[1], 3) == 0) { if (memcmp(lpWindowTitle, &Gui_TitleSuffixA[1], 3) == 0) {
len -= 4; len -= 4;
memmove(lpWindowTitle, lpWindowTitle + 4, len); memmove(lpWindowTitle, lpWindowTitle + 4, len);
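Review bot: The widened test in Gui_InitTitle, `if (! Gui_DisableTitle||SbieApi_QueryConfBool(NULL,"NoTitle",FALSE))`, has no comment and is not covered by the commit description, which is only about forcing protection on encrypted boxes. As written, the title hooks are installed whenever the NoTitle setting is true, even when Gui_DisableTitle is set, and a reader cannot tell whether that is deliberate. I would add a one-line comment above the test saying why a NoTitle box needs the hooks, and space the line as `if (!Gui_DisableTitle || SbieApi_QueryConfBool(NULL, "NoTitle", FALSE)) {`. The Gui_FixTitleW and Gui_FixTitleA hunks only drop a line, and Gui_InitTitle's body continues outside its hunk.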


@ -285,144 +285,6 @@
<string>File Options</string> <string>File Options</string>
</attribute> </attribute>
<layout class="QGridLayout" name="gridLayout_28"> <layout class="QGridLayout" name="gridLayout_28">
<item row="13" column="1">
<widget class="QLabel" name="label_37">
<property name="maximumSize">
<size>
<width>20</width>
<height>16777215</height>
</size>
</property>
<property name="text">
<string/>
</property>
</widget>
</item>
<item row="5" column="1" colspan="4">
<widget class="QCheckBox" name="chkEncrypt">
<property name="text">
<string>Encrypt sandbox content</string>
</property>
</widget>
</item>
<item row="14" column="3">
<spacer name="horizontalSpacer_4">
<property name="orientation">
<enum>Qt::Horizontal</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>410</width>
<height>13</height>
</size>
</property>
</spacer>
</item>
<item row="6" column="2" colspan="4">
<widget class="QLabel" name="lblCrypto">
<property name="text">
<string>When &lt;a href=&quot;sbie://docs/boxencryption&quot;&gt;Box Encryption&lt;/a&gt; is enabled the boxs root folder, including its registry hive, is stored in an encrypted disk image, using &lt;a href=&quot;https://diskcryptor.org&quot;&gt;Disk Cryptor's&lt;/a&gt; AES-XTS implementation.</string>
</property>
<property name="wordWrap">
<bool>true</bool>
</property>
<property name="openExternalLinks">
<bool>true</bool>
</property>
</widget>
</item>
<item row="13" column="2" colspan="4">
<widget class="QCheckBox" name="chkRawDiskNotify">
<property name="text">
<string>Warn when an application opens a harddrive handle</string>
</property>
</widget>
</item>
<item row="5" column="5">
<widget class="QToolButton" name="btnPassword">
<property name="text">
<string>Set Password</string>
</property>
</widget>
</item>
<item row="1" column="1" colspan="3">
<widget class="QLabel" name="lblScheme">
<property name="text">
<string>Virtualization scheme</string>
</property>
</widget>
</item>
<item row="1" column="4">
<widget class="QComboBox" name="cmbVersion"/>
</item>
<item row="14" column="1">
<spacer name="verticalSpacer_2">
<property name="orientation">
<enum>Qt::Vertical</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>20</width>
<height>52</height>
</size>
</property>
</spacer>
</item>
<item row="11" column="0" colspan="2">
<widget class="QLabel" name="lblRawDisk">
<property name="font">
<font>
<weight>75</weight>
<bold>true</bold>
<kerning>true</kerning>
</font>
</property>
<property name="text">
<string>Disk/File access</string>
</property>
</widget>
</item>
<item row="12" column="1" colspan="5">
<widget class="QCheckBox" name="chkRawDiskRead">
<property name="text">
<string>Allow elevated sandboxed applications to read the harddrive</string>
</property>
</widget>
</item>
<item row="0" column="2" colspan="4">
<widget class="QLabel" name="lblWhenEmpty">
<property name="text">
<string>The box structure can only be changed when the sandbox is empty</string>
</property>
</widget>
</item>
<item row="10" column="1" colspan="4">
<widget class="QCheckBox" name="chkProtectBox">
<property name="toolTip">
<string>Partially checked means prevent box removal but not content deletion.</string>
</property>
<property name="text">
<string>Protect this sandbox from deletion or emptying</string>
</property>
<property name="tristate">
<bool>true</bool>
</property>
</widget>
</item>
<item row="9" column="1" colspan="5">
<widget class="QCheckBox" name="chkAutoEmpty">
<property name="text">
<string>Auto delete content when last sandboxed process terminates</string>
</property>
</widget>
</item>
<item row="7" column="2" colspan="4">
<widget class="QLabel" name="lblImDisk">
<property name="text">
<string>&lt;a href=&quot;addon://ImDisk&quot;&gt;Install ImDisk&lt;/a&gt; driver to enable Ram Disk and Disk Image support.</string>
</property>
</widget>
</item>
<item row="0" column="0"> <item row="0" column="0">
<widget class="QLabel" name="lblStructure"> <widget class="QLabel" name="lblStructure">
<property name="font"> <property name="font">
@ -437,7 +299,24 @@
</property> </property>
</widget> </widget>
</item> </item>
<item row="2" column="1" colspan="4"> <item row="0" column="2" colspan="2">
<widget class="QLabel" name="lblWhenEmpty">
<property name="text">
<string>The box structure can only be changed when the sandbox is empty</string>
</property>
</widget>
</item>
<item row="1" column="1" colspan="3">
<widget class="QLabel" name="lblScheme">
<property name="text">
<string>Virtualization scheme</string>
</property>
</widget>
</item>
<item row="1" column="4">
<widget class="QComboBox" name="cmbVersion"/>
</item>
<item row="2" column="1" colspan="3">
<widget class="QCheckBox" name="chkSeparateUserFolders"> <widget class="QCheckBox" name="chkSeparateUserFolders">
<property name="text"> <property name="text">
<string>Separate user folders</string> <string>Separate user folders</string>
@ -447,14 +326,62 @@
</property> </property>
</widget> </widget>
</item> </item>
<item row="4" column="1" colspan="4"> <item row="3" column="1" colspan="3">
<widget class="QCheckBox" name="chkUseVolumeSerialNumbers">
<property name="text">
<string>Use volume serial numbers for drives, like: \drive\C~1234-ABCD</string>
</property>
</widget>
</item>
<item row="4" column="1" colspan="3">
<widget class="QCheckBox" name="chkRamBox"> <widget class="QCheckBox" name="chkRamBox">
<property name="text"> <property name="text">
<string>Store the sandbox content in a Ram Disk</string> <string>Store the sandbox content in a Ram Disk</string>
</property> </property>
</widget> </widget>
</item> </item>
<item row="8" column="0" colspan="3"> <item row="5" column="1" colspan="3">
<widget class="QCheckBox" name="chkEncrypt">
<property name="text">
<string>Encrypt sandbox content</string>
</property>
</widget>
</item>
<item row="5" column="5">
<widget class="QToolButton" name="btnPassword">
<property name="text">
<string>Set Password</string>
</property>
</widget>
</item>
<item row="6" column="2" colspan="4">
<widget class="QLabel" name="lblCrypto">
<property name="text">
<string>When &lt;a href=&quot;sbie://docs/boxencryption&quot;&gt;Box Encryption&lt;/a&gt; is enabled the boxs root folder, including its registry hive, is stored in an encrypted disk image, using &lt;a href=&quot;https://diskcryptor.org&quot;&gt;Disk Cryptor's&lt;/a&gt; AES-XTS implementation.</string>
</property>
<property name="wordWrap">
<bool>true</bool>
</property>
<property name="openExternalLinks">
<bool>true</bool>
</property>
</widget>
</item>
<item row="7" column="2" colspan="2">
<widget class="QLabel" name="lblImDisk">
<property name="text">
<string>&lt;a href=&quot;addon://ImDisk&quot;&gt;Install ImDisk&lt;/a&gt; driver to enable Ram Disk and Disk Image support.</string>
</property>
</widget>
</item>
<item row="8" column="2" colspan="2">
<widget class="QCheckBox" name="chkForceProtection">
<property name="text">
<string>Force protection on mount</string>
</property>
</widget>
</item>
<item row="9" column="0" colspan="3">
<widget class="QLabel" name="lblDelete"> <widget class="QLabel" name="lblDelete">
<property name="font"> <property name="font">
<font> <font>
@ -468,13 +395,93 @@
</property> </property>
</widget> </widget>
</item> </item>
<item row="3" column="1" colspan="5"> <item row="10" column="1" colspan="3">
<widget class="QCheckBox" name="chkUseVolumeSerialNumbers"> <widget class="QCheckBox" name="chkAutoEmpty">
<property name="text"> <property name="text">
<string>Use volume serial numbers for drives, like: \drive\C~1234-ABCD</string> <string>Auto delete content when last sandboxed process terminates</string>
</property> </property>
</widget> </widget>
</item> </item>
<item row="11" column="1" colspan="3">
<widget class="QCheckBox" name="chkProtectBox">
<property name="toolTip">
<string>Partially checked means prevent box removal but not content deletion.</string>
</property>
<property name="text">
<string>Protect this sandbox from deletion or emptying</string>
</property>
<property name="tristate">
<bool>true</bool>
</property>
</widget>
</item>
<item row="12" column="0" colspan="2">
<widget class="QLabel" name="lblRawDisk">
<property name="font">
<font>
<weight>75</weight>
<bold>true</bold>
<kerning>true</kerning>
</font>
</property>
<property name="text">
<string>Disk/File access</string>
</property>
</widget>
</item>
<item row="13" column="1">
<widget class="QLabel" name="label_37">
<property name="maximumSize">
<size>
<width>20</width>
<height>16777215</height>
</size>
</property>
<property name="text">
<string/>
</property>
</widget>
</item>
<item row="14" column="1" colspan="3">
<widget class="QCheckBox" name="chkRawDiskRead">
<property name="text">
<string>Allow elevated sandboxed applications to read the harddrive</string>
</property>
</widget>
</item>
<item row="15" column="2" colspan="2">
<widget class="QCheckBox" name="chkRawDiskNotify">
<property name="text">
<string>Warn when an application opens a harddrive handle</string>
</property>
</widget>
</item>
<item row="16" column="1">
<spacer name="verticalSpacer_2">
<property name="orientation">
<enum>Qt::Vertical</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>20</width>
<height>52</height>
</size>
</property>
</spacer>
</item>
<item row="16" column="3">
<spacer name="horizontalSpacer_4">
<property name="orientation">
<enum>Qt::Horizontal</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>410</width>
<height>13</height>
</size>
</property>
</spacer>
</item>
</layout> </layout>
</widget> </widget>
<widget class="QWidget" name="tabMigration"> <widget class="QWidget" name="tabMigration">
@ -4585,8 +4592,8 @@ instead of &quot;*&quot;.</string>
<rect> <rect>
<x>0</x> <x>0</x>
<y>0</y> <y>0</y>
<width>98</width> <width>92</width>
<height>28</height> <height>16</height>
</rect> </rect>
</property> </property>
<layout class="QGridLayout" name="dbgLayout"> <layout class="QGridLayout" name="dbgLayout">
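Review bot: The new `chkForceProtection` checkbox (row 8) has only the text "Force protection on mount" and no `toolTip`, so the options page does not say which protection is forced or that the user loses the choice at mount time. Judging by SetForce elsewhere in this commit, the option pre-checks and greys out the protect and auto-lock boxes of the mount dialog. A tooltip such as `<property name="toolTip"><string>Always enable protection and auto-lock when this box is mounted; the choices in the mount dialog are greyed out.</string></property>` would state that, with the wording checked against the dialog's own labels. Most other lines in this section are existing items re-sorted by row, which looks like Designer output rather than a functional change.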


@ -1716,6 +1716,7 @@ SB_STATUS CSandMan::ImBoxMount(const CSandBoxPtr& pBox, bool bAutoUnmount)
} }
CBoxImageWindow window(CBoxImageWindow::eMount, this); CBoxImageWindow window(CBoxImageWindow::eMount, this);
window.SetForce(pBox->GetBool("ForceProtectionOnMount", false));
window.SetAutoUnMount(bAutoUnmount); window.SetAutoUnMount(bAutoUnmount);
if (theGUI->SafeExec(&window) != 1) if (theGUI->SafeExec(&window) != 1)
return SB_ERR(SB_Canceled); return SB_ERR(SB_Canceled);
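Review bot: `window.SetForce(...)` runs before `window.SetAutoUnMount(bAutoUnmount)`, so if SetAutoUnMount writes the auto-lock checkbox (its body is not on this page) it can clear the state SetForce just forced while the box stays greyed out. Calling SetForce last removes that dependency: `window.SetAutoUnMount(bAutoUnmount);` followed by `window.SetForce(pBox->GetBool("ForceProtectionOnMount", false));`. The flag is read from the box's own configuration and applied only to this dialog, so it presumably takes effect only on mounts that go through ImBoxMount; a short comment saying so would help the next reader. ImBoxMount's body starts and ends outside the hunk.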


@ -97,10 +97,17 @@ CBoxImageWindow::CBoxImageWindow(EAction Action, QWidget *parent)
ui.chkProtect->setVisible(false); ui.chkProtect->setVisible(false);
ui.chkAutoLock->setVisible(false); ui.chkAutoLock->setVisible(false);
} }
//restoreGeometry(theConf->GetBlob("BoxImageWindow/Window_Geometry")); //restoreGeometry(theConf->GetBlob("BoxImageWindow/Window_Geometry"));
} }
void CBoxImageWindow::SetForce(bool force) {
ui.chkProtect->setEnabled(!force);
ui.chkProtect->setChecked(true);
ui.chkAutoLock->setChecked(true);
ui.chkAutoLock->setEnabled(!force);
}
CBoxImageWindow::~CBoxImageWindow() CBoxImageWindow::~CBoxImageWindow()
{ {
//theConf->SetBlob("BoxImageWindow/Window_Geometry", saveGeometry()); //theConf->SetBlob("BoxImageWindow/Window_Geometry", saveGeometry());
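Review bot: SetForce checks both boxes even when `force` is false, because the two `setChecked(true)` calls are unconditional. ImBoxMount now calls it on every mount, so boxes without ForceProtectionOnMount also get both options pre-checked, which changes the dialog's earlier default if that default was unchecked (the dialog's .ui is not on this page). If that is not intended, guard the calls: `if (force) { ui.chkProtect->setChecked(true); ui.chkAutoLock->setChecked(true); }`. The function also deserves a short comment that the forcing relies on the widgets staying disabled, since UseProtection() simply returns `ui.chkProtect->isChecked()`.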


@ -22,6 +22,7 @@ public:
QString GetPassword() const { return m_Password; } QString GetPassword() const { return m_Password; }
QString GetNewPassword() const { return m_NewPassword; } QString GetNewPassword() const { return m_NewPassword; }
void SetForce(bool force);
void SetImageSize(quint64 uSize) const { return ui.txtImageSize->setText(QString::number(uSize / 1024)); } void SetImageSize(quint64 uSize) const { return ui.txtImageSize->setText(QString::number(uSize / 1024)); }
quint64 GetImageSize() const { return ui.txtImageSize->text().toULongLong() * 1024; } quint64 GetImageSize() const { return ui.txtImageSize->text().toULongLong() * 1024; }
bool UseProtection() const { return ui.chkProtect->isChecked(); } bool UseProtection() const { return ui.chkProtect->isChecked(); }


@ -190,6 +190,7 @@ void COptionsWindow::CreateGeneral()
connect(ui.chkRamBox, SIGNAL(clicked(bool)), this, SLOT(OnDiskChanged())); connect(ui.chkRamBox, SIGNAL(clicked(bool)), this, SLOT(OnDiskChanged()));
connect(ui.chkEncrypt, SIGNAL(clicked(bool)), this, SLOT(OnDiskChanged())); connect(ui.chkEncrypt, SIGNAL(clicked(bool)), this, SLOT(OnDiskChanged()));
connect(ui.chkForceProtection, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
connect(ui.btnPassword, SIGNAL(clicked(bool)), this, SLOT(OnSetPassword())); connect(ui.btnPassword, SIGNAL(clicked(bool)), this, SLOT(OnSetPassword()));
bool bImDiskReady = theGUI->IsImDiskReady(); bool bImDiskReady = theGUI->IsImDiskReady();
@ -330,8 +331,11 @@ void COptionsWindow::LoadGeneral()
ui.chkRamBox->setChecked(m_pBox->GetBool("UseRamDisk", false)); ui.chkRamBox->setChecked(m_pBox->GetBool("UseRamDisk", false));
ui.chkEncrypt->setChecked(m_pBox->GetBool("UseFileImage", false)); ui.chkEncrypt->setChecked(m_pBox->GetBool("UseFileImage", false));
if (ui.chkRamBox->isEnabled()) ui.chkForceProtection->setChecked(m_pBox->GetBool("ForceProtectionOnMount", false));
if (ui.chkRamBox->isEnabled()) {
ui.chkEncrypt->setEnabled(!ui.chkRamBox->isChecked()); ui.chkEncrypt->setEnabled(!ui.chkRamBox->isChecked());
ui.chkForceProtection->setEnabled(!ui.chkRamBox->isChecked());
}
CSandBoxPlus* pBoxEx = qobject_cast<CSandBoxPlus*>(m_pBox.data()); CSandBoxPlus* pBoxEx = qobject_cast<CSandBoxPlus*>(m_pBox.data());
if (pBoxEx && QFile::exists(pBoxEx->GetBoxImagePath())) if (pBoxEx && QFile::exists(pBoxEx->GetBoxImagePath()))
{ {
@ -422,6 +426,7 @@ void COptionsWindow::SaveGeneral()
WriteAdvancedCheck(ui.chkCloseClipBoard, "OpenClipboard", "n", ""); WriteAdvancedCheck(ui.chkCloseClipBoard, "OpenClipboard", "n", "");
//WriteAdvancedCheck(ui.chkBlockCapture, "IsBlockCapture", "y", "n"); //WriteAdvancedCheck(ui.chkBlockCapture, "IsBlockCapture", "y", "n");
WriteAdvancedCheck(ui.chkProtectPower, "BlockInterferePower", "y", "n"); WriteAdvancedCheck(ui.chkProtectPower, "BlockInterferePower", "y", "n");
WriteAdvancedCheck(ui.chkForceProtection, "ForceProtectionOnMount", "y", "n");
WriteAdvancedCheck(ui.chkVmReadNotify, "NotifyProcessAccessDenied", "y", ""); WriteAdvancedCheck(ui.chkVmReadNotify, "NotifyProcessAccessDenied", "y", "");
//WriteAdvancedCheck(ui.chkOpenSmartCard, "OpenSmartCard", "", "n"); //WriteAdvancedCheck(ui.chkOpenSmartCard, "OpenSmartCard", "", "n");
//WriteAdvancedCheck(ui.chkOpenBluetooth, "OpenBluetooth", "y", ""); //WriteAdvancedCheck(ui.chkOpenBluetooth, "OpenBluetooth", "y", "");
@ -1127,11 +1132,13 @@ void COptionsWindow::OnDiskChanged()
ui.chkEncrypt->setEnabled(false); ui.chkEncrypt->setEnabled(false);
ui.chkEncrypt->setChecked(false); ui.chkEncrypt->setChecked(false);
ui.btnPassword->setEnabled(false); ui.btnPassword->setEnabled(false);
ui.chkForceProtection->setEnabled(false);
} }
else { else {
ui.chkEncrypt->setEnabled(true); ui.chkEncrypt->setEnabled(true);
CSandBoxPlus* pBoxEx = qobject_cast<CSandBoxPlus*>(m_pBox.data()); CSandBoxPlus* pBoxEx = qobject_cast<CSandBoxPlus*>(m_pBox.data());
ui.btnPassword->setEnabled(ui.chkEncrypt->isChecked() && pBoxEx && pBoxEx->GetMountRoot().isEmpty()); ui.btnPassword->setEnabled(ui.chkEncrypt->isChecked() && pBoxEx && pBoxEx->GetMountRoot().isEmpty());
ui.chkForceProtection->setEnabled(ui.chkEncrypt->isChecked());
} }
OnGeneralChanged(); OnGeneralChanged();
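Review bot: In the LoadGeneral hunk `chkForceProtection` is enabled from the Ram Disk state alone, while OnDiskChanged enables it only when `chkEncrypt` is checked, so right after loading the option is clickable on a box that is not encrypted. Use the same rule in both places: `ui.chkForceProtection->setEnabled(!ui.chkRamBox->isChecked() && ui.chkEncrypt->isChecked());`. In OnDiskChanged the Ram Disk branch disables the checkbox but, unlike `chkEncrypt`, leaves it checked, so SaveGeneral would presumably still write `ForceProtectionOnMount` as "y" for a box where it has no effect. Adding `ui.chkForceProtection->setChecked(false);` in that branch would match the handling of `chkEncrypt`. All four functions continue outside their hunks.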