This commit is contained in:
DavidXanatos 2023-03-12 19:30:28 +01:00
parent d52210a3ee
commit c3b7306ed1
4 changed files with 23 additions and 5 deletions

View File

@ -16,6 +16,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
- fixed issue with NT namespace virtualization [#2701](https://github.com/sandboxie-plus/Sandboxie/issues/2701)
- fixed issue with run unsandboxed [#2710](https://github.com/sandboxie-plus/Sandboxie/issues/2710)
- fixed issue with new box wizard [#2729](https://github.com/sandboxie-plus/Sandboxie/issues/2729)
- fixed issue with break out processes and user restricted sandboxes [#2732](https://github.com/sandboxie-plus/Sandboxie/issues/2732)

View File

@ -409,6 +409,8 @@ API_ARGS_CLOSE(API_SESSION_LEADER_ARGS)
API_ARGS_BEGIN(API_IS_BOX_ENABLED_ARGS)
API_ARGS_FIELD(WCHAR *,box_name)
API_ARGS_FIELD(WCHAR *,sid_string)
API_ARGS_FIELD(ULONG, session_id)
API_ARGS_CLOSE(API_IS_BOX_ENABLED_ARGS)

View File

@ -565,19 +565,30 @@ _FX NTSTATUS Conf_Api_IsBoxEnabled(PROCESS *proc, ULONG64 *parms)
NTSTATUS status;
ULONG SessionId;
UNICODE_STRING SidString;
const WCHAR* sid;
WCHAR boxname[34];
if (! Api_CopyBoxNameFromUser(boxname, (WCHAR *)args->box_name.val))
return STATUS_INVALID_PARAMETER;
status = Process_GetSidStringAndSessionId(
if (args->sid_string.val != NULL) {
sid = args->sid_string.val;
SessionId = args->session_id.val;
SidString.Buffer = NULL;
status = STATUS_SUCCESS;
}
else {
status = Process_GetSidStringAndSessionId(
NtCurrentProcess(), NULL, &SidString, &SessionId);
sid = SidString.Buffer;
}
if (NT_SUCCESS(status)) {
status = Conf_IsValidBox(boxname);
if (NT_SUCCESS(status)) {
if (! Conf_IsBoxEnabled(boxname, SidString.Buffer, SessionId))
if (! Conf_IsBoxEnabled(boxname, sid, SessionId))
status = STATUS_ACCOUNT_RESTRICTION;
}

View File

@ -512,11 +512,13 @@ MSG_HEADER *ProcessServer::RunSandboxedHandler(MSG_HEADER *msg)
LONG_PTR BoxNameOrModelPid;
bool CallerInSandbox;
WCHAR boxname[48] = { 0 };
WCHAR sid[96];
ULONG session_id;
BOOL FilterHandles = FALSE;
if (SbieApi_QueryProcessInfo((HANDLE)(ULONG_PTR)CallerPid, 0)) {
CallerInSandbox = true;
SbieApi_QueryProcess((HANDLE)(ULONG_PTR)CallerPid, boxname, NULL, NULL, NULL);
SbieApi_QueryProcess((HANDLE)(ULONG_PTR)CallerPid, boxname, NULL, sid, &session_id);
BoxNameOrModelPid = -(LONG_PTR)(LONG)CallerPid;
if ((req->si_flags & 0x80000000) != 0) { // bsession0 - this is only allowed for unsandboxed processes
lvl = 0xFF;
@ -527,7 +529,7 @@ MSG_HEADER *ProcessServer::RunSandboxedHandler(MSG_HEADER *msg)
CallerInSandbox = false;
if (*req->boxname == L'-') {
int Pid = _wtoi(req->boxname + 1);
SbieApi_QueryProcess((HANDLE)(ULONG_PTR)Pid, boxname, NULL, NULL, NULL);
SbieApi_QueryProcess((HANDLE)(ULONG_PTR)Pid, boxname, NULL, sid, &session_id);
BoxNameOrModelPid = -Pid;
} else {
BoxNameOrModelPid = (LONG_PTR)req->boxname;
@ -577,9 +579,11 @@ MSG_HEADER *ProcessServer::RunSandboxedHandler(MSG_HEADER *msg)
WCHAR BoxName[34];
int index = -1;
while (1) {
index = SbieApi_EnumBoxes(index, BoxName);
index = SbieApi_EnumBoxesEx(index, BoxName, TRUE);
if (index == -1)
break;
if (!NT_SUCCESS(SbieApi_Call(API_IS_BOX_ENABLED, 3, (ULONG_PTR)BoxName, (ULONG_PTR)sid, (ULONG_PTR)session_id)))
continue;
if (SbieDll_CheckStringInList(lpProgram + 1, BoxName, L"ForceProcess")
|| SbieDll_CheckPatternInList(lpApplicationName, (ULONG)(lpProgram - lpApplicationName), BoxName, L"ForceFolder")) {