1.5.1
parent
b629fe31a4
commit
d2301a5f52
|
@ -15,6 +15,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
|
|||
- properly fixed the Firefox 106 issue [46e9979](https://github.com/sandboxie-plus/Sandboxie/commit/46e99799e2b753b85224dc921ec141a05025acfd)
|
||||
- fixed issue with alternative UI modes [#2380](https://github.com/sandboxie-plus/Sandboxie/issues/2380)
|
||||
- fixed command line corruption with breakout processes [#2377](https://github.com/sandboxie-plus/Sandboxie/issues/2377)
|
||||
- fixed issues with Privacy Enchanced box types
|
||||
|
||||
|
||||
## [1.5.0 / 5.60.0] - 2022-10-19
|
||||
|
|
|
@ -75,7 +75,7 @@ _FX BOOLEAN CustomizeSandbox(void)
|
|||
|
||||
if ((Dll_ProcessFlags & SBIE_FLAG_PRIVACY_MODE) != 0) {
|
||||
|
||||
Key_CreateBaseKeys();
|
||||
//Key_CreateBaseKeys();
|
||||
Key_CreateBaseFolders();
|
||||
}
|
||||
|
||||
|
@ -920,7 +920,11 @@ _FX HANDLE OpenExplorerKey(
|
|||
|
||||
InitializeObjectAttributes(
|
||||
&objattrs, &uni, OBJ_CASE_INSENSITIVE, NULL, NULL);
|
||||
status = NtOpenKey(&HKey_Root, KEY_READ, &objattrs);
|
||||
status = Key_OpenOrCreateIfBoxed(&HKey_Root, KEY_READ, &objattrs);
|
||||
if (status == STATUS_BAD_INITIAL_PC) {
|
||||
*error = 0;
|
||||
return INVALID_HANDLE_VALUE;
|
||||
}
|
||||
|
||||
if (status != STATUS_SUCCESS) {
|
||||
*error = 0x99;
|
||||
|
@ -934,7 +938,11 @@ _FX HANDLE OpenExplorerKey(
|
|||
RtlInitUnicodeString(&uni, _Explorer);
|
||||
InitializeObjectAttributes(
|
||||
&objattrs, &uni, OBJ_CASE_INSENSITIVE, HKey_Root, NULL);
|
||||
status = NtOpenKey(&HKey_Explorer, KEY_READ, &objattrs);
|
||||
status = Key_OpenOrCreateIfBoxed(&HKey_Explorer, KEY_READ, &objattrs);
|
||||
if (status == STATUS_BAD_INITIAL_PC) {
|
||||
*error = 0;
|
||||
return INVALID_HANDLE_VALUE;
|
||||
}
|
||||
|
||||
NtClose(HKey_Root);
|
||||
|
||||
|
@ -951,9 +959,7 @@ _FX HANDLE OpenExplorerKey(
|
|||
InitializeObjectAttributes(
|
||||
&objattrs, &uni, OBJ_CASE_INSENSITIVE, HKey_Explorer, NULL);
|
||||
|
||||
status = Key_OpenOrCreateIfBoxed(
|
||||
&HKey_Subkey, KEY_ALL_ACCESS, &objattrs);
|
||||
|
||||
status = Key_OpenOrCreateIfBoxed(&HKey_Subkey, KEY_ALL_ACCESS, &objattrs);
|
||||
if (status == STATUS_BAD_INITIAL_PC) {
|
||||
*error = 0;
|
||||
return INVALID_HANDLE_VALUE;
|
||||
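Review bot: The early return added after the `HKey_Explorer` open in the second `OpenExplorerKey` hunk runs before `NtClose(HKey_Root)`, so a `STATUS_BAD_INITIAL_PC` result there returns with the root key handle still open. Putting `NtClose(HKey_Root);` ahead of `*error = 0;` in that branch closes the leak; the same question applies to `HKey_Explorer` in the existing `HKey_Subkey` branch of the third hunk, whose cleanup is not visible here. Separately, `//Key_CreateBaseKeys();` in `CustomizeSandbox` is left as commented-out code with no reason given, as are the disabled blocks in the later file sections of this commit; either delete them or add a one-line comment saying why the code is no longer needed. Both function bodies continue outside the hunks.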
|
|
|
@ -478,14 +478,10 @@ _FX ULONG SbieDll_MatchPath2(WCHAR path_code, const WCHAR *path, BOOLEAN bCheckO
|
|||
exact = FALSE;
|
||||
wildc = -1; // lower is better
|
||||
match_len = 0;
|
||||
if ((path_code == L'f' || path_code == L'k' || path_code == L'i') && (Dll_ProcessFlags & SBIE_FLAG_PRIVACY_MODE) != 0) {
|
||||
|
||||
mp_flags = PATH_WRITE_FLAG; // write path mode
|
||||
}
|
||||
else {
|
||||
|
||||
mp_flags = 0; // normal mode
|
||||
}
|
||||
//if (use_privacy_mode)
|
||||
// mp_flags = PATH_WRITE_FLAG; // write path mode
|
||||
//else
|
||||
// mp_flags = 0; // normal mode
|
||||
|
||||
//
|
||||
// ClosedXxxPath
|
||||
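Review bot: With both branches of the `mp_flags` initialisation commented out, nothing in this hunk assigns `mp_flags` before the ClosedXxxPath section. If the variable is not initialised at its declaration, which is outside the visible lines, the later reads would see an indeterminate value and the path-matching result would be undefined. Keeping the default explicit with `mp_flags = 0; // normal mode` and deleting the four commented lines would make the intent unambiguous. The enclosing function starts and ends outside the hunk.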
|
|
|
@ -1705,7 +1705,7 @@ SkipReadOnlyCheck:
|
|||
|
||||
RtlInitUnicodeString(&objname, TruePath);
|
||||
|
||||
status = __sys_NtOpenKey(KeyHandle, Wow64KeyReadAccess, &objattrs);
|
||||
status = SbieApi_OpenKey(KeyHandle, TruePath);
|
||||
|
||||
*BackslashPtr = L'\\';
|
||||
|
||||
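Review bot: The access requested for the key is no longer stated at this call site, because `SbieApi_OpenKey(KeyHandle, TruePath)` takes neither `Wow64KeyReadAccess` nor `objattrs`; this assumes the `SbieApi_OpenKey` line is the new side, as in the other sections of the page. Whatever the old mask carried, including any registry-view selection, is now decided inside `SbieApi_OpenKey`, so a short comment here should say what access the returned handle has and why the open goes through the API instead of `__sys_NtOpenKey`. `RtlInitUnicodeString(&objname, TruePath)` just above may no longer feed this call; whether `objattrs` is still needed later is outside the hunk.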
|
|
|
@ -56,7 +56,7 @@ _FX NTSTATUS Key_OpenIfBoxed(
|
|||
|
||||
ULONG mp_flags = SbieDll_MatchPath(L'k', name);
|
||||
|
||||
if (mp_flags)
|
||||
if ((mp_flags & ~PATH_WRITE_FLAG) != 0)
|
||||
status = STATUS_BAD_INITIAL_PC;
|
||||
else
|
||||
status = NtOpenKey(out_handle, access, objattrs);
|
||||
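Review bot: The new test `(mp_flags & ~PATH_WRITE_FLAG) != 0` sends write-path keys to the `NtOpenKey` branch with the caller's `access` unchanged, and nothing here says why a write-path match is safe to treat like an unmatched key. A comment such as `// write-path keys are handled like boxed keys; only other match flags are refused here` (to be confirmed against how `PATH_WRITE_FLAG` is handled by the key hooks) would record the assumption. The mask also relies on `PATH_WRITE_FLAG` being the only bit that may be ignored; any other bit `SbieDll_MatchPath` returns still yields `STATUS_BAD_INITIAL_PC`. The function body continues outside the hunk.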
|
|
|
@ -1450,10 +1450,8 @@ finish:
|
|||
if (cancelled)
|
||||
err = ERROR_CANCELLED;
|
||||
}
|
||||
else
|
||||
{
|
||||
SbieApi_Log(2226, L"%S [%S]", Dll_ImageName, Dll_BoxName);
|
||||
}
|
||||
//else
|
||||
// SbieApi_Log(2226, L"%S [%S]", Dll_ImageName, Dll_BoxName);
|
||||
}
|
||||
|
||||
/*if ((! ok) && (err == ERROR_ELEVATION_REQUIRED)) {
|
||||
|
|
|
@ -797,6 +797,13 @@ _FX BOOLEAN File_InitPaths(PROCESS *proc,
|
|||
|
||||
#ifdef USE_MATCH_PATH_EX
|
||||
ok = Process_GetPaths(proc, write_file_paths, _WritePath, TRUE);
|
||||
|
||||
if (ok && proc->use_privacy_mode) { // in privacy mode all drive paths are set to "write"
|
||||
for (i = 0; drive_devices[i] && ok; ++i) {
|
||||
ok = Process_AddPath(proc, write_file_paths, NULL,
|
||||
TRUE, drive_devices[i], FALSE);
|
||||
}
|
||||
}
|
||||
#else
|
||||
ok = Process_GetPaths2(
|
||||
proc, write_file_paths, closed_file_paths,
|
||||
|
@ -833,15 +840,10 @@ _FX BOOLEAN File_InitPaths(PROCESS *proc,
|
|||
}
|
||||
}
|
||||
|
||||
if (ok) {
|
||||
if (ok && !proc->use_privacy_mode) { // when not in privacy mode we need to set drive paths to "normal"
|
||||
for (i = 0; drive_devices[i] && ok; ++i) {
|
||||
if (proc->use_privacy_mode) { // in privacy mode the default for drives is not "normal" but "write"
|
||||
ok = Process_AddPath(
|
||||
proc, write_file_paths, NULL, FALSE, drive_devices[i], FALSE);
|
||||
} else {
|
||||
ok = Process_AddPath(
|
||||
proc, normal_file_paths, NULL, FALSE, drive_devices[i], FALSE);
|
||||
}
|
||||
ok = Process_AddPath(
|
||||
proc, normal_file_paths, NULL, FALSE, drive_devices[i], FALSE);
|
||||
}
|
||||
}
|
||||
|
||||
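Review bot: The fourth argument to `Process_AddPath` differs between the new privacy-mode registration (`TRUE`, first hunk) and the normal-mode one (`FALSE`, second hunk) for the same `drive_devices` entries, and the removed privacy-mode call also passed `FALSE`; nothing explains the change. If it is intended, a comment on the new loop should say what the flag does to the drive patterns; if not, the two calls should agree. In addition, the second hunk now skips privacy-mode processes (`if (ok && !proc->use_privacy_mode)`), so a build without `USE_MATCH_PATH_EX` would register no drive paths for them; a comment or build-time check stating that privacy mode requires `USE_MATCH_PATH_EX` would make that dependency explicit. Whether the second hunk sits inside the same `#ifdef` is not visible here.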
|
|
|
@ -242,12 +242,16 @@ _FX BOOLEAN Key_InitProcess(PROCESS *proc)
|
|||
static const WCHAR *_WritePath = L"WriteKeyPath";
|
||||
#ifdef USE_MATCH_PATH_EX
|
||||
static const WCHAR *normalpaths[] = {
|
||||
L"HKEY_LOCAL_MACHINE\\*",
|
||||
//L"HKEY_LOCAL_MACHINE\\*",
|
||||
//L"HKEY_CURRENT_USER\\software\\Microsoft\\*",
|
||||
//L"HKEY_CURRENT_USER\\software\\WOW6432Node\\Microsoft\\*",
|
||||
//L"\\REGISTRY\\USER\\*_Classes\\*",
|
||||
NULL
|
||||
};
|
||||
static const WCHAR *writepaths[] = {
|
||||
L"\\REGISTRY\\USER\\*",
|
||||
NULL
|
||||
};
|
||||
#endif
|
||||
static const WCHAR *openkeys[] = {
|
||||
// Application Hives
|
||||
|
@ -273,7 +277,6 @@ _FX BOOLEAN Key_InitProcess(PROCESS *proc)
|
|||
}
|
||||
|
||||
if (ok && proc->use_privacy_mode) {
|
||||
|
||||
for (i = 0; normalpaths[i] && ok; ++i) {
|
||||
ok = Process_AddPath(proc, &proc->normal_key_paths, NULL,
|
||||
TRUE, normalpaths[i], FALSE);
|
||||
|
@ -341,6 +344,13 @@ _FX BOOLEAN Key_InitProcess(PROCESS *proc)
|
|||
|
||||
#ifdef USE_MATCH_PATH_EX
|
||||
ok = Process_GetPaths(proc, &proc->write_key_paths, _WritePath, TRUE);
|
||||
|
||||
if (ok && proc->use_privacy_mode) {
|
||||
for (i = 0; writepaths[i] && ok; ++i) {
|
||||
ok = Process_AddPath(proc, &proc->write_key_paths, NULL,
|
||||
TRUE, writepaths[i], FALSE);
|
||||
}
|
||||
}
|
||||
#else
|
||||
ok = Process_GetPaths2(
|
||||
proc, &proc->write_key_paths, &proc->closed_key_paths,
|
||||
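Review bot: After this change `normalpaths` holds only the `NULL` terminator, so the `for (i = 0; normalpaths[i] && ok; ++i)` loop kept in the second hunk never runs. Removing the array and loop, or adding a comment such as `// intentionally empty since 1.5.1: privacy mode adds no normal key paths`, would avoid dead code around a security-relevant path list. The new `writepaths` entry `L"\\REGISTRY\\USER\\*"` covers every user hive, and a comment should say why the whole subtree is a write path while `HKEY_LOCAL_MACHINE` is left to the default mode. `Key_InitProcess` continues outside the hunks.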
|
|
|
@ -947,7 +947,8 @@ _FX ULONG Process_MatchPathEx(
|
|||
|
||||
mp_flags = TRUE_PATH_CLOSED_FLAG | COPY_PATH_CLOSED_FLAG;
|
||||
}
|
||||
else if (!proc->use_privacy_mode || path_code == L'i') {
|
||||
//else if (!proc->use_privacy_mode || path_code == L'i') {
|
||||
else {
|
||||
|
||||
//
|
||||
// in normal sandbox mode we have read access to all locations unless restricted,
|
||||
|
@ -956,18 +957,20 @@ _FX ULONG Process_MatchPathEx(
|
|||
|
||||
mp_flags = TRUE_PATH_READ_FLAG | COPY_PATH_OPEN_FLAG; // normal mode
|
||||
}
|
||||
else {
|
||||
|
||||
//
|
||||
// in privacy mode we only have read access to selected generic locations,
|
||||
// and read access to user data must be explicityl grated,
|
||||
// also all writes are redirected to the sandbox
|
||||
//
|
||||
// To enable privacy enchanced mode add UsePrivacyMode=y
|
||||
//
|
||||
|
||||
mp_flags = TRUE_PATH_CLOSED_FLAG | COPY_PATH_OPEN_FLAG; // write path mode
|
||||
}
|
||||
//else {
|
||||
//
|
||||
// //
|
||||
// // in privacy mode we only have read access to selected generic locations,
|
||||
// // and read access to user data must be explicityl grated,
|
||||
// // also all writes are redirected to the sandbox
|
||||
// //
|
||||
// // Note: as of 1.5.1 all locations are locked down explicitly while the root mode remains normal
|
||||
// //
|
||||
// // To enable privacy enchanced mode add UsePrivacyMode=y
|
||||
// //
|
||||
//
|
||||
// mp_flags = TRUE_PATH_CLOSED_FLAG | COPY_PATH_OPEN_FLAG; // write path mode
|
||||
//}
|
||||
|
||||
//
|
||||
// closed path list, in non specific mode has the higher priority
|
||||
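Review bot: A privacy-mode path that matches none of the explicit lists is now readable by default, because the `else {` branch assigns `TRUE_PATH_READ_FLAG | COPY_PATH_OPEN_FLAG` where the disabled block assigned `TRUE_PATH_CLOSED_FLAG | COPY_PATH_OPEN_FLAG`. Per the added note, isolation now rests on the explicit write-path entries (the `drive_devices` loop in `File_InitPaths` and `\REGISTRY\USER\*` in `Key_InitProcess`), so any location those patterns do not cover gets the normal default. That belongs in a live comment on the `else {` branch, e.g. `// since 1.5.1 privacy mode relies on explicit write-path rules; the root default stays normal`, with the commented-out block deleted rather than kept. A regression test asserting that a privacy-mode box is refused read access to a path outside the registered patterns would guard this fail-open default. The function body continues outside the hunks.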
|
|