DavidXanatos 2022-08-14 17:40:55 +02:00
parent 56396e62f0
commit e15f39d2e7
7 changed files with 95 additions and 21 deletions


@ -1468,6 +1468,9 @@ _FX NTSTATUS Conf_Api_Reload(PROCESS *proc, ULONG64 *parms)
}
}
void Syscall_Update_Lockdown();
Syscall_Update_Lockdown();
/*
#ifdef HOOK_WIN32K
// must be windows 10 or later
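Review bot: The prototype `void Syscall_Update_Lockdown();` is declared at block scope inside Conf_Api_Reload with an empty parameter list, which in C leaves the arguments unchecked. Declaring it once in a shared header as `void Syscall_Update_Lockdown(void);` lets the compiler verify the call against the definition. Because the call changes which syscalls are treated as approved, a comment such as `// re-evaluate the ApproveWinNtSysCall / ApproveWin32SysCall lists against the reloaded config` would record why it sits here. Conf_Api_Reload starts and ends outside the hunk, so it cannot be confirmed from this page that the call runs only after a successful reload and only for callers permitted to reload.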


@ -46,6 +46,8 @@ static BOOLEAN Syscall_Init_ServiceData(void);
static void Syscall_ErrorForAsciiName(const UCHAR *name_a);
void Syscall_Update_Lockdown();
//---------------------------------------------------------------------------
@ -980,6 +982,40 @@ _FX NTSTATUS Syscall_Api_Query(PROCESS *proc, ULONG64 *parms)
return STATUS_SUCCESS;
}
//---------------------------------------------------------------------------
// Syscall_Update_Lockdown
//---------------------------------------------------------------------------
_FX void Syscall_Update_Lockdown()
{
SYSCALL_ENTRY *entry;
#ifdef HOOK_WIN32K
Syscall_Update_Lockdown32();
#endif
LIST approved_syscalls;
Syscall_LoadHookMap(L"ApproveWinNtSysCall", &approved_syscalls);
entry = List_Head(&Syscall_List);
while (entry) {
entry->approved = (Syscall_HookMapMatch(entry->name, entry->name_len, &approved_syscalls) != 0);
entry = List_Next(entry);
}
Syscall_FreeHookMap(&approved_syscalls);
}
//---------------------------------------------------------------------------
// Syscall_QuerySystemInfo_SupportProcmonStack
//---------------------------------------------------------------------------
_FX BOOLEAN Syscall_QuerySystemInfo_SupportProcmonStack(
PROCESS *proc, SYSCALL_ENTRY *syscall_entry, ULONG_PTR *user_args)
{
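Review bot: Syscall_Update_Lockdown uses `approved_syscalls` without checking whether `Syscall_LoadHookMap` succeeded, so a failed load would either clear every `approved` flag or walk a partly built LIST, depending on what that helper leaves behind. If the helper reports failure, bail out first and leave the flags untouched, e.g. `if (!Syscall_LoadHookMap(L"ApproveWinNtSysCall", &approved_syscalls)) return;`. The loop also writes `entry->approved` with no lock visible in the hunk, while the same entries are presumably read on the syscall path of running sandboxed processes; either take the lock that guards Syscall_List or add a comment stating why the unsynchronised update is safe. The new prototype is the only non-static one in a run of static declarations and would read better in the header as `void Syscall_Update_Lockdown(void);`. Syscall_Update_Lockdown32 has the same two gaps.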


@ -29,6 +29,8 @@ static BOOLEAN Syscall_Init_List32(void);
static BOOLEAN Syscall_Init_Table32(void);
void Syscall_Update_Lockdown32();
//---------------------------------------------------------------------------
@ -710,3 +712,25 @@ _FX NTSTATUS Syscall_Api_Query32(PROCESS *proc, ULONG64 *parms)
return STATUS_SUCCESS;
}
//---------------------------------------------------------------------------
// Syscall_Update_Lockdown32
//---------------------------------------------------------------------------
_FX void Syscall_Update_Lockdown32()
{
SYSCALL_ENTRY *entry;
LIST approved_syscalls;
Syscall_LoadHookMap(L"ApproveWin32SysCall", &approved_syscalls);
entry = List_Head(&Syscall_List32);
while (entry) {
entry->approved = (Syscall_HookMapMatch(entry->name, entry->name_len, &approved_syscalls) != 0);
entry = List_Next(entry);
}
Syscall_FreeHookMap(&approved_syscalls);
}
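Review bot: Syscall_Update_Lockdown32 repeats the body of Syscall_Update_Lockdown line for line, differing only in the setting name `L"ApproveWin32SysCall"` and the list `Syscall_List32`. A single static helper that takes the setting name and the list, called from both functions, would keep the two approval paths from drifting apart. The function also walks Syscall_List32 unconditionally, so it relies on that list being initialised (or empty) even on systems where the Win32k hooks were not set up. The commented-out `must be windows 10 or later` block in the reload path suggests that case exists; confirm it or guard the call.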


@ -2427,7 +2427,7 @@ void CSandMan::OnEditIni()
void CSandMan::OnReloadIni()
{
theAPI->ReloadConfig();
theAPI->ReloadConfig(true);
}
void CSandMan::OnIniReloaded()


@ -44,19 +44,21 @@ void COptionsWindow::OnAccessChanged()
UpdateAccessPolicy();
if ((sender() == ui.chkPrivacy || sender() == ui.chkRestrictDevices) && !(ui.chkPrivacy->isChecked() || ui.chkRestrictDevices->isChecked())) {
ui.chkUseSpecificity->setChecked(m_pBox->GetBool("UseRuleSpecificity", false));
}
m_AccessChanged = true;
OnOptChanged();
}
void COptionsWindow::UpdateAccessPolicy()
{
ui.chkUseSpecificity->setEnabled(!(ui.chkPrivacy->isChecked() || ui.chkRestrictDevices->isChecked()));
if (ui.chkPrivacy->isChecked() || ui.chkRestrictDevices->isChecked()) {
ui.chkUseSpecificity->setEnabled(false);
ui.chkUseSpecificity->setChecked(true);
}
else {
ui.chkUseSpecificity->setEnabled(true);
}
}
QTreeWidgetItem* COptionsWindow::GetAccessEntry(EAccessType Type, const QString& Program, EAccessMode Mode, const QString& Path)
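Review bot: The restore in OnAccessChanged reads `m_pBox->GetBool("UseRuleSpecificity", false)`, i.e. the value last saved, so a change the user made to chkUseSpecificity earlier in the same dialog session is lost once chkPrivacy or chkRestrictDevices is ticked and unticked again. The branch is also keyed on `sender()`, which remains the originating widget when this slot is called directly; the page shows such a call from OnSecurityMode. Unticking chkSecurityMode may therefore leave chkUseSpecificity checked after chkRestrictDevices is restored to off, unless that restore re-enters this slot through a signal. Remembering the pre-override state in a member and restoring from it whenever both boxes are off, regardless of sender, would cover both cases.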


@ -256,6 +256,11 @@ void COptionsWindow::OnIsolationChanged()
UpdateBoxIsolation();
if (sender() == ui.chkNoSecurityIsolation && !ui.chkNoSecurityIsolation->isChecked()) {
ui.chkCloseForBox->setChecked(m_pBox->GetBool("AlwaysCloseForBoxed", true));
ui.chkNoOpenForBox->setChecked(m_pBox->GetBool("DontOpenForBoxed", true));
}
m_AdvancedChanged = true;
OnOptChanged();
}
@ -275,8 +280,6 @@ void COptionsWindow::UpdateBoxIsolation()
ui.chkRawDiskRead->setEnabled(!ui.chkNoSecurityIsolation->isChecked()); // without isolation only user mode
ui.chkRawDiskNotify->setEnabled(!ui.chkNoSecurityIsolation->isChecked());
UpdateBoxSecurity();
ui.chkBlockNetShare->setEnabled(!ui.chkNoSecurityFiltering->isChecked());
ui.chkBlockSpooler->setEnabled(!ui.chkNoSecurityIsolation->isChecked());
@ -286,17 +289,13 @@ void COptionsWindow::UpdateBoxIsolation()
ui.chkCloseClipBoard->setEnabled(!ui.chkNoSecurityIsolation->isChecked());
ui.chkVmRead->setEnabled(!ui.chkNoSecurityIsolation->isChecked());
ui.chkCloseForBox->setEnabled(!ui.chkNoSecurityIsolation->isChecked());
ui.chkNoOpenForBox->setEnabled(!ui.chkNoSecurityIsolation->isChecked());
if (ui.chkNoSecurityIsolation->isChecked()) {
ui.chkCloseForBox->setEnabled(false);
ui.chkCloseForBox->setChecked(false);
ui.chkNoOpenForBox->setEnabled(false);
ui.chkNoOpenForBox->setChecked(false);
}
else {
ui.chkCloseForBox->setEnabled(true);
ui.chkNoOpenForBox->setEnabled(true);
}
}
void COptionsWindow::OnSysSvcChanged()
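Review bot: As far as the rendered section shows, UpdateBoxIsolation unticks chkCloseForBox and chkNoOpenForBox whenever chkNoSecurityIsolation is checked. If the save routine (not on this page) writes the checkbox states as they stand, the stored `AlwaysCloseForBoxed` / `DontOpenForBoxed` values become false. The restore in OnIsolationChanged then reads those stored values, so re-enabling isolation later would bring the two protections back switched off rather than at their default of true. Skipping both keys on save while chkNoSecurityIsolation is checked would keep the forced display state out of the configuration. A comment on the `setChecked(false)` lines such as `// display only: these options have no effect without security isolation` would also make the intent clear.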


@ -295,11 +295,17 @@ void COptionsWindow::UpdateBoxSecurity()
ui.chkLockDown->setEnabled(!ui.chkSecurityMode->isChecked());
ui.chkRestrictDevices->setEnabled(!ui.chkSecurityMode->isChecked());
if (!theAPI->IsRunningAsAdmin()) {
ui.chkDropRights->setEnabled(!ui.chkSecurityMode->isChecked() && !ui.chkNoSecurityIsolation->isChecked() && !theAPI->IsRunningAsAdmin());
}
if (ui.chkSecurityMode->isChecked()) {
ui.chkLockDown->setChecked(true);
ui.chkRestrictDevices->setChecked(true);
ui.chkDropRights->setChecked(true);
}
ui.chkMsiExemptions->setEnabled(!ui.chkDropRights->isChecked());
}
@ -308,15 +314,19 @@ void COptionsWindow::OnSecurityMode()
if (ui.chkSecurityMode->isChecked() || ui.chkLockDown->isChecked() || ui.chkRestrictDevices->isChecked())
theGUI->CheckCertificate(this);
if (ui.chkSecurityMode->isChecked()) {
ui.chkLockDown->setChecked(true);
ui.chkRestrictDevices->setChecked(true);
ui.chkDropRights->setChecked(true);
}
UpdateBoxSecurity();
OnGeneralChanged();
if (sender() == ui.chkSecurityMode && !ui.chkSecurityMode->isChecked()) {
ui.chkLockDown->setChecked(m_pBox->GetBool("SysCallLockDown", false));
ui.chkRestrictDevices->setChecked(m_pBox->GetBool("RestrictDevices", false));
ui.chkDropRights->setChecked(m_pBox->GetBool("DropAdminRights", false));
}
m_GeneralChanged = true;
OnOptChanged();
OnAccessChanged(); // for rule specificity
}
void COptionsWindow::OnPickColor()
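Review bot: In OnSecurityMode the restore of chkDropRights from `DropAdminRights` appears to run after `UpdateBoxSecurity();`, yet UpdateBoxSecurity is where `ui.chkMsiExemptions->setEnabled(!ui.chkDropRights->isChecked());` is evaluated. After unticking chkSecurityMode, the MSI exemption box therefore keeps the enabled state derived from the forced value unless a signal from chkDropRights refreshes it. Moving the `if (sender() == ui.chkSecurityMode && !ui.chkSecurityMode->isChecked())` block above `UpdateBoxSecurity();` removes that dependency. In UpdateBoxSecurity the third term `!theAPI->IsRunningAsAdmin()` is always true inside `if (!theAPI->IsRunningAsAdmin())` and can be dropped. When running as admin the enabled state of chkDropRights is not touched here although the box is still force-checked, so a comment should say where that case is handled.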