This commit is contained in:
DavidXanatos 2022-12-23 17:56:15 +01:00
parent b4839f4d80
commit cb9bfcafb4
2 changed files with 36 additions and 16 deletions

View File

@ -11,6 +11,8 @@ This project adheres to [Semantic Versioning](http://semver.org/).
### Fixed ### Fixed
- fixed issue with auto delete box on sandman start [#2555](https://github.com/sandboxie-plus/Sandboxie/issues/2555) - fixed issue with auto delete box on sandman start [#2555](https://github.com/sandboxie-plus/Sandboxie/issues/2555)
- fixed issue with windows 11 contetx menu when sandman was not already running [2284](https://github.com/sandboxie-plus/Sandboxie/issues/2284)

View File

@ -844,22 +844,6 @@ HANDLE ProcessServer::RunSandboxedGetToken(
ShouldAdjustDacl = true; ShouldAdjustDacl = true;
} }
/*else if (...) {
//
// use session token
//
ULONG SessionId = PipeServer::GetCallerSessionId();
ok = WTSQueryUserToken(SessionId, &OldTokenHandle);
if (! ok)
return NULL;
ShouldAdjustSessionId = false;
}*/
else else
// OriginalToken BEGIN // OriginalToken BEGIN
if (!SbieApi_QueryConfBool(boxname, L"NoSecurityIsolation", FALSE) && !SbieApi_QueryConfBool(boxname, L"OriginalToken", FALSE)) if (!SbieApi_QueryConfBool(boxname, L"NoSecurityIsolation", FALSE) && !SbieApi_QueryConfBool(boxname, L"OriginalToken", FALSE))
@ -887,6 +871,40 @@ HANDLE ProcessServer::RunSandboxedGetToken(
} }
} }
else
{
typedef LONG (WINAPI *P_GetApplicationUserModelId)(
HANDLE hProcess, UINT32 * applicationUserModelIdLength, PWSTR applicationUserModelId);
static P_GetApplicationUserModelId pGetApplicationUserModelId = (P_GetApplicationUserModelId)-1;
if ((UINT_PTR)pGetApplicationUserModelId == -1)
pGetApplicationUserModelId = (P_GetApplicationUserModelId)GetProcAddress(_Kernel32, "GetApplicationUserModelId");
if (pGetApplicationUserModelId) {
//
// when the calling application is a modern app we can't use it's token
//
UINT32 length = 0;
LONG rc = pGetApplicationUserModelId(CallerProcessHandle, &length, NULL);
if (rc != APPMODEL_ERROR_NO_APPLICATION)
{
//
// use session token
//
ULONG SessionId = PipeServer::GetCallerSessionId();
ok = WTSQueryUserToken(SessionId, &OldTokenHandle);
if (!ok)
return NULL;
ShouldAdjustSessionId = false;
}
}
}
if (! OldTokenHandle) { if (! OldTokenHandle) {