DavidXanatos 2023-08-27 10:56:27 +02:00
parent f04c98fba2
commit dbb01ef7cf
7 changed files with 34 additions and 18 deletions


@ -778,22 +778,32 @@ _FX PROCESS *Process_Create(
exclusive_setting = L"NoSecurityIsolation";
else if (proc->protect_host_images)
exclusive_setting = L"ProtectHostImages";
else if (proc->confidential_box)
exclusive_setting = L"ConfidentialBox";
if (exclusive_setting) {
Log_Msg_Process(MSG_6004, proc->box->name, exclusive_setting, box->session_id, proc->pid);
//Pool_Delete(pool);
//Process_CreateTerminated(ProcessId, box->session_id);
//return NULL;
// allow the process to run for a sort while to allow the features to be evaluated
Process_ScheduleKill(proc, 5*60*1000); // 5 minutes
}
}
if (!CERT_IS_LEVEL(Verify_CertInfo, eCertStandard2) && !proc->image_sbie) {
const WCHAR* exclusive_setting = NULL;
if (proc->confidential_box)
exclusive_setting = L"ConfidentialBox";
if (exclusive_setting) {
Log_Msg_Process(MSG_6009, proc->box->name, exclusive_setting, box->session_id, proc->pid);
Pool_Delete(pool);
Process_CreateTerminated(ProcessId, box->session_id);
return NULL;
}
}
//
// configure monitor options
//
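Review bot: The new `eCertStandard2` check sits after the grace-period block, so a process already passed to `Process_ScheduleKill(proc, 5*60*1000)` can reach `Pool_Delete(pool)` and `return NULL` a few lines later. Whether the scheduled kill keeps a reference to `proc` is not visible in this hunk; if it does, that reference would outlive the pool being deleted. Running the hard-fail check before the grace-period block, or skipping the scheduling when `proc->confidential_box` is about to be refused, would remove the overlap. A comment on the new block such as `// ConfidentialBox gets no evaluation period: log MSG_6009 and terminate at once` would also record why this setting is treated differently from the others. Process_Create starts and continues outside the hunk.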


@ -762,9 +762,9 @@ _FX NTSTATUS KphValidateCertificate()
Verify_CertInfo.level = eCertStandard;
else if (level && _wcsicmp(level, L"ADVANCED") == 0)
Verify_CertInfo.level = eCertAdvanced;
// scheme 1.1 >>>
else if (CERT_IS_TYPE(Verify_CertInfo, eCertPersonal) || CERT_IS_TYPE(Verify_CertInfo, eCertPatreon))
{
// scheme 1.1 >>>
if (level && _wcsicmp(level, L"HUGE") == 0) {
Verify_CertInfo.type = eCertEternal;
Verify_CertInfo.level = eCertMaxLevel;
@ -774,24 +774,24 @@ _FX NTSTATUS KphValidateCertificate()
expiration_date.QuadPart = cert_date.QuadPart + KphGetDateInterval(0, 0, 2); // 2 years
}
else if (level && _wcsicmp(level, L"MEDIUM") == 0) { // 1 year - personal
Verify_CertInfo.level = eCertStandard;
Verify_CertInfo.level = eCertStandard2;
}
else if (level && _wcsicmp(level, L"ENTRY") == 0) { // PATREON-ENTRY new patreons get only 3 montgs for start
Verify_CertInfo.level = eCertStandard;
Verify_CertInfo.level = eCertStandard2;
if(CERT_IS_TYPE(Verify_CertInfo, eCertPatreon))
Verify_CertInfo.type = eCertEntryPatreon;
expiration_date.QuadPart = cert_date.QuadPart + KphGetDateInterval(0, 3, 0);
}
else if (level && _wcsicmp(level, L"SMALL") == 0) { // 1 year - subscription
Verify_CertInfo.level = eCertStandard;
Verify_CertInfo.level = eCertStandard2;
Verify_CertInfo.type = eCertSubscription;
}
else
// <<< scheme 1.1
Verify_CertInfo.level = eCertStandard;
}
else if (CERT_IS_TYPE(Verify_CertInfo, eCertBusiness))
Verify_CertInfo.level = eCertStandard;
// <<< scheme 1.1
if(CertDbg) DbgPrint("Sbie Cert level: %X\n", Verify_CertInfo.level);
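Review bot: The `CERT_IS_TYPE(Verify_CertInfo, eCertBusiness)` branch and the fallback `else` still assign `eCertStandard`, which does not satisfy `eCertStandard2` under either a numeric or a bit-subset comparison. Combined with the Process_Create check added in this commit, a ConfidentialBox process would apparently be terminated under a business certificate unless an explicit level such as ADVANCED is present, which is worth confirming as intended. If it is, a comment on that branch such as `// business without explicit level: eCertStandard only, ConfidentialBox not included` would record the decision; if not, the branch should assign `eCertStandard2`. The rendered page does not mark which of the duplicated lines are old and which are new, and KphValidateCertificate continues outside both hunks.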


@ -78,7 +78,8 @@ enum ECertType {
enum ECertLevel {
eCertNoLevel = 0b000,
eCertStandard = 0b010,
eCertAdvanced = 0b100,
eCertStandard2 = 0b011,
eCertAdvanced = 0b101,
eCertMaxLevel = 0b111,
};
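Review bot: The enum carries no comment on how levels are compared, and the new values make that matter: `eCertAdvanced = 0b101` contains neither the `eCertStandard` bit `0b010` nor all of `eCertStandard2 = 0b011`, so the tiers only form a chain if `CERT_IS_LEVEL` compares numerically rather than testing bits. `CERT_IS_LEVEL` is not defined in this hunk, so that cannot be checked here. If it is a numeric comparison, a header comment such as `// levels are ordered; CERT_IS_LEVEL compares numerically, the values are not independent flags` would keep a later added level from silently breaking a licence gate.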


@ -980,9 +980,10 @@ bool MountManager::AcquireBoxRoot(const WCHAR* boxname, const WCHAR* reg_root, c
std::wstring TargetNtPath;
SCertInfo CertInfo = { 0 };
if (UseFileImage && (!NT_SUCCESS(SbieApi_Call(API_QUERY_DRIVER_INFO, 3, -1, (ULONG_PTR)&CertInfo, sizeof(CertInfo))) || !CERT_IS_LEVEL(CertInfo, eCertAdvanced))) {
const WCHAR* strings[] = { boxname, L"UseFileImage", NULL };
SbieApi_LogMsgExt(session_id, 6009, strings);
//if ((UseFileImage || UseRamDisk) && (!NT_SUCCESS(SbieApi_Call(API_QUERY_DRIVER_INFO, 3, -1, (ULONG_PTR)&CertInfo, sizeof(CertInfo))) || !CERT_IS_LEVEL(CertInfo, (UseFileImage ? eCertAdvanced : eCertStandard)))) {
if ((UseFileImage || UseRamDisk) && (!NT_SUCCESS(SbieApi_Call(API_QUERY_DRIVER_INFO, 3, -1, (ULONG_PTR)&CertInfo, sizeof(CertInfo))) || !CERT_IS_LEVEL(CertInfo, (UseFileImage ? 0b100 : eCertStandard)))) {
const WCHAR* strings[] = { boxname, UseFileImage ? L"UseFileImage" : L"UseRamDisk" , NULL };
SbieApi_LogMsgExt(session_id, UseFileImage ? 6009 : 6008, strings);
errlvl = 0x66;
} else
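Review bot: The `UseFileImage` gate compares against the bare literal `0b100` instead of `eCertAdvanced`, while the commented-out line directly above it keeps the named constant. After this commit `0b100` matches no `ECertLevel` value, so a reader cannot tell whether it is a deliberate lower bound or a leftover of the old `eCertAdvanced`. Either use the enum, `UseFileImage ? eCertAdvanced : eCertStandard`, or keep the literal and say why, e.g. `// 0b100: previous eCertAdvanced value, kept so levels reported by an older driver still pass` if that is the reason. The failure path is fail-closed (a failed `SbieApi_Call` leaves `CertInfo` zeroed and `errlvl = 0x66` is set), which should be preserved in any rewrite. AcquireBoxRoot continues outside the hunk.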


@ -87,15 +87,18 @@ void COptionsWindow::CreateGeneral()
}
}
if (g_Certificate.isEmpty()) {
if (!CERT_IS_LEVEL(g_CertInfo, eCertStandard)) {
QWidget* ExWidgets[] = { ui.chkSecurityMode, ui.chkLockDown, ui.chkRestrictDevices,
ui.chkPrivacy, ui.chkUseSpecificity,
ui.chkNoSecurityIsolation, ui.chkNoSecurityFiltering, ui.chkConfidential, ui.chkHostProtect, NULL };
ui.chkNoSecurityIsolation, ui.chkNoSecurityFiltering, ui.chkHostProtect, NULL };
for (QWidget** ExWidget = ExWidgets; *ExWidget != NULL; ExWidget++)
COptionsWindow__AddCertIcon(*ExWidget);
}
if (!CERT_IS_LEVEL(g_CertInfo, eCertStandard2))
COptionsWindow__AddCertIcon(ui.chkConfidential, true);
if (!CERT_IS_LEVEL(g_CertInfo, eCertAdvanced)) {
COptionsWindow__AddCertIcon(ui.chkEncrypt, true);
COptionsWindow__AddCertIcon(ui.chkAllowEfs, true);
}


@ -523,6 +523,7 @@ CSettingsWindow::CSettingsWindow(QWidget* parent)
//COptionsWindow__AddCertIcon(ui.chkUpdateTemplates);
COptionsWindow__AddCertIcon(ui.chkUpdateIssues);
COptionsWindow__AddCertIcon(ui.chkRamDisk);
this->installEventFilter(this); // prevent enter from closing the dialog


@ -3,7 +3,7 @@
#define VERSION_MJR 1
#define VERSION_MIN 11
#define VERSION_REV 0
#define VERSION_UPD 1
#define VERSION_UPD 2
#ifndef STR
#define STR2(X) #X