1.8.1
This commit is contained in:
parent
d52210a3ee
commit
c3b7306ed1
|
@ -16,6 +16,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
|
||||||
- fixed issue with NT namespace virtualization [#2701](https://github.com/sandboxie-plus/Sandboxie/issues/2701)
|
- fixed issue with NT namespace virtualization [#2701](https://github.com/sandboxie-plus/Sandboxie/issues/2701)
|
||||||
- fixed issue with run unsandboxed [#2710](https://github.com/sandboxie-plus/Sandboxie/issues/2710)
|
- fixed issue with run unsandboxed [#2710](https://github.com/sandboxie-plus/Sandboxie/issues/2710)
|
||||||
- fixed issue with new box wizard [#2729](https://github.com/sandboxie-plus/Sandboxie/issues/2729)
|
- fixed issue with new box wizard [#2729](https://github.com/sandboxie-plus/Sandboxie/issues/2729)
|
||||||
|
- fixed issue with break out processes and user restricted sandboxes [#2732](https://github.com/sandboxie-plus/Sandboxie/issues/2732)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -409,6 +409,8 @@ API_ARGS_CLOSE(API_SESSION_LEADER_ARGS)
|
||||||
|
|
||||||
API_ARGS_BEGIN(API_IS_BOX_ENABLED_ARGS)
|
API_ARGS_BEGIN(API_IS_BOX_ENABLED_ARGS)
|
||||||
API_ARGS_FIELD(WCHAR *,box_name)
|
API_ARGS_FIELD(WCHAR *,box_name)
|
||||||
|
API_ARGS_FIELD(WCHAR *,sid_string)
|
||||||
|
API_ARGS_FIELD(ULONG, session_id)
|
||||||
API_ARGS_CLOSE(API_IS_BOX_ENABLED_ARGS)
|
API_ARGS_CLOSE(API_IS_BOX_ENABLED_ARGS)
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -565,19 +565,30 @@ _FX NTSTATUS Conf_Api_IsBoxEnabled(PROCESS *proc, ULONG64 *parms)
|
||||||
NTSTATUS status;
|
NTSTATUS status;
|
||||||
ULONG SessionId;
|
ULONG SessionId;
|
||||||
UNICODE_STRING SidString;
|
UNICODE_STRING SidString;
|
||||||
|
const WCHAR* sid;
|
||||||
WCHAR boxname[34];
|
WCHAR boxname[34];
|
||||||
|
|
||||||
if (! Api_CopyBoxNameFromUser(boxname, (WCHAR *)args->box_name.val))
|
if (! Api_CopyBoxNameFromUser(boxname, (WCHAR *)args->box_name.val))
|
||||||
return STATUS_INVALID_PARAMETER;
|
return STATUS_INVALID_PARAMETER;
|
||||||
|
|
||||||
|
if (args->sid_string.val != NULL) {
|
||||||
|
sid = args->sid_string.val;
|
||||||
|
SessionId = args->session_id.val;
|
||||||
|
SidString.Buffer = NULL;
|
||||||
|
status = STATUS_SUCCESS;
|
||||||
|
}
|
||||||
|
else {
|
||||||
status = Process_GetSidStringAndSessionId(
|
status = Process_GetSidStringAndSessionId(
|
||||||
NtCurrentProcess(), NULL, &SidString, &SessionId);
|
NtCurrentProcess(), NULL, &SidString, &SessionId);
|
||||||
|
sid = SidString.Buffer;
|
||||||
|
}
|
||||||
|
|
||||||
if (NT_SUCCESS(status)) {
|
if (NT_SUCCESS(status)) {
|
||||||
|
|
||||||
status = Conf_IsValidBox(boxname);
|
status = Conf_IsValidBox(boxname);
|
||||||
if (NT_SUCCESS(status)) {
|
if (NT_SUCCESS(status)) {
|
||||||
|
|
||||||
if (! Conf_IsBoxEnabled(boxname, SidString.Buffer, SessionId))
|
if (! Conf_IsBoxEnabled(boxname, sid, SessionId))
|
||||||
status = STATUS_ACCOUNT_RESTRICTION;
|
status = STATUS_ACCOUNT_RESTRICTION;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -512,11 +512,13 @@ MSG_HEADER *ProcessServer::RunSandboxedHandler(MSG_HEADER *msg)
|
||||||
LONG_PTR BoxNameOrModelPid;
|
LONG_PTR BoxNameOrModelPid;
|
||||||
bool CallerInSandbox;
|
bool CallerInSandbox;
|
||||||
WCHAR boxname[48] = { 0 };
|
WCHAR boxname[48] = { 0 };
|
||||||
|
WCHAR sid[96];
|
||||||
|
ULONG session_id;
|
||||||
BOOL FilterHandles = FALSE;
|
BOOL FilterHandles = FALSE;
|
||||||
|
|
||||||
if (SbieApi_QueryProcessInfo((HANDLE)(ULONG_PTR)CallerPid, 0)) {
|
if (SbieApi_QueryProcessInfo((HANDLE)(ULONG_PTR)CallerPid, 0)) {
|
||||||
CallerInSandbox = true;
|
CallerInSandbox = true;
|
||||||
SbieApi_QueryProcess((HANDLE)(ULONG_PTR)CallerPid, boxname, NULL, NULL, NULL);
|
SbieApi_QueryProcess((HANDLE)(ULONG_PTR)CallerPid, boxname, NULL, sid, &session_id);
|
||||||
BoxNameOrModelPid = -(LONG_PTR)(LONG)CallerPid;
|
BoxNameOrModelPid = -(LONG_PTR)(LONG)CallerPid;
|
||||||
if ((req->si_flags & 0x80000000) != 0) { // bsession0 - this is only allowed for unsandboxed processes
|
if ((req->si_flags & 0x80000000) != 0) { // bsession0 - this is only allowed for unsandboxed processes
|
||||||
lvl = 0xFF;
|
lvl = 0xFF;
|
||||||
|
@ -527,7 +529,7 @@ MSG_HEADER *ProcessServer::RunSandboxedHandler(MSG_HEADER *msg)
|
||||||
CallerInSandbox = false;
|
CallerInSandbox = false;
|
||||||
if (*req->boxname == L'-') {
|
if (*req->boxname == L'-') {
|
||||||
int Pid = _wtoi(req->boxname + 1);
|
int Pid = _wtoi(req->boxname + 1);
|
||||||
SbieApi_QueryProcess((HANDLE)(ULONG_PTR)Pid, boxname, NULL, NULL, NULL);
|
SbieApi_QueryProcess((HANDLE)(ULONG_PTR)Pid, boxname, NULL, sid, &session_id);
|
||||||
BoxNameOrModelPid = -Pid;
|
BoxNameOrModelPid = -Pid;
|
||||||
} else {
|
} else {
|
||||||
BoxNameOrModelPid = (LONG_PTR)req->boxname;
|
BoxNameOrModelPid = (LONG_PTR)req->boxname;
|
||||||
|
@ -577,9 +579,11 @@ MSG_HEADER *ProcessServer::RunSandboxedHandler(MSG_HEADER *msg)
|
||||||
WCHAR BoxName[34];
|
WCHAR BoxName[34];
|
||||||
int index = -1;
|
int index = -1;
|
||||||
while (1) {
|
while (1) {
|
||||||
index = SbieApi_EnumBoxes(index, BoxName);
|
index = SbieApi_EnumBoxesEx(index, BoxName, TRUE);
|
||||||
if (index == -1)
|
if (index == -1)
|
||||||
break;
|
break;
|
||||||
|
if (!NT_SUCCESS(SbieApi_Call(API_IS_BOX_ENABLED, 3, (ULONG_PTR)BoxName, (ULONG_PTR)sid, (ULONG_PTR)session_id)))
|
||||||
|
continue;
|
||||||
|
|
||||||
if (SbieDll_CheckStringInList(lpProgram + 1, BoxName, L"ForceProcess")
|
if (SbieDll_CheckStringInList(lpProgram + 1, BoxName, L"ForceProcess")
|
||||||
|| SbieDll_CheckPatternInList(lpApplicationName, (ULONG)(lpProgram - lpApplicationName), BoxName, L"ForceFolder")) {
|
|| SbieDll_CheckPatternInList(lpApplicationName, (ULONG)(lpProgram - lpApplicationName), BoxName, L"ForceFolder")) {
|
||||||
|
|
Loading…
Reference in New Issue