DavidXanatos 2021-12-27 12:25:13 +01:00
parent 7772944f8c
commit e4933a83df
15 changed files with 118 additions and 42 deletions


@ -14,11 +14,12 @@ This project adheres to [Semantic Versioning](http://semver.org/).
### Changed ### Changed
- "UseSbieWndStation=y" is now the default behavioure [#1442](https://github.com/sandboxie-plus/Sandboxie/issues/1442) - "UseSbieWndStation=y" is now the default behavioure [#1442](https://github.com/sandboxie-plus/Sandboxie/issues/1442)
- disabled Win32k hooking when HVCI is enabled due to an incompatybility (BSOD)
### Fixed ### Fixed
- fixed box initialization issue in privacy mode [#1469](https://github.com/sandboxie-plus/Sandboxie/issues/1469) - fixed box initialization issue in privacy mode [#1469](https://github.com/sandboxie-plus/Sandboxie/issues/1469)
- fixed issue creating shortcuts introduced in a recent build [#1471](https://github.com/sandboxie-plus/Sandboxie/issues/1471) - fixed issue creating shortcuts introduced in a recent build [#1471](https://github.com/sandboxie-plus/Sandboxie/issues/1471)
- fixed access issues in privacy enhanced boxes


@ -390,13 +390,11 @@ finish:
_FX BOOLEAN Win32_Init(HMODULE hmodule) _FX BOOLEAN Win32_Init(HMODULE hmodule)
{ {
// In Windows 10 all Win32k.sys calls are located in win32u.dll // In Windows 10 all Win32k.sys calls are located in win32u.dll
if (Dll_OsBuild < 10041 || !SbieApi_QueryConfBool(NULL, L"EnableWin32kHooks", TRUE)) if (Dll_OsBuild < 10041 || (Dll_ProcessFlags & SBIE_FLAG_WIN32K_HOOKABLE) == 0)
return TRUE; // just return on older builds return TRUE; // just return on older builds, or not enabled
// NoSysCallHooks BEGIN if ((Dll_ProcessFlags & SBIE_FLAG_APP_COMPARTMENT) != 0 || SbieApi_data->flags.bNoSysHooks)
if ((Dll_ProcessFlags & SBIE_FLAG_APP_COMPARTMENT) != 0 || SbieApi_QueryConfBool(NULL, L"NoSysCallHooks", FALSE))
return TRUE; return TRUE;
// NoSysCallHooks END
// disable Electron Workaround when we are ready to hook the required win32k syscalls // disable Electron Workaround when we are ready to hook the required win32k syscalls
extern BOOL Dll_ElectronWorkaround; extern BOOL Dll_ElectronWorkaround;


@ -72,7 +72,11 @@ _FX BOOLEAN CustomizeSandbox(void)
// customize sandbox if we need to // customize sandbox if we need to
// //
Key_CreateBaseKeys(); if ((Dll_ProcessFlags & SBIE_FLAG_PRIVACY_MODE) != 0) {
Key_CreateBaseKeys();
Key_CreateBaseFolders();
}
if (GetSetCustomLevel(0) != '2') { if (GetSetCustomLevel(0) != '2') {
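Review bot: `Key_CreateBaseKeys()` was called unconditionally in CustomizeSandbox before this change and is now reached only when `SBIE_FLAG_PRIVACY_MODE` is set, so boxes without privacy mode no longer get the base keys created; if that is intended, the comment above the block should say so rather than the generic "customize sandbox if we need to". A suggestion: `// privacy mode hides most of the host registry and file system, so pre-create the keys and folders programs expect to exist`. Whether some other code path still creates those keys for normal boxes cannot be seen from this hunk, so please confirm before merging. CustomizeSandbox continues outside the hunk.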


@ -501,6 +501,7 @@ void Key_DeleteValueFromCLSID(
const WCHAR *Xxxid, const WCHAR *Guid, const WCHAR *ValueName); const WCHAR *Xxxid, const WCHAR *Guid, const WCHAR *ValueName);
void Key_CreateBaseKeys(); void Key_CreateBaseKeys();
void Key_CreateBaseFolders();
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
// Functions (sxs) // Functions (sxs)
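Review bot: The new prototype `void Key_CreateBaseFolders();` declares an unprototyped function in C, so calls with the wrong argument count compile silently; an empty parameter list should be spelled `(void)`, i.e. `void Key_CreateBaseFolders(void);`. The same applies to the definition `_FX void Key_CreateBaseFolders()` in the later file section, and the pre-existing `void Key_CreateBaseKeys();` on the line above would benefit from the same fix if it is touched again. A one-line comment on the declaration stating that it must run after `File_InitPathList` (which, in another hunk of this commit, fills the `File_SysVolume` global it reads) would help callers, if that ordering is indeed required.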


@ -284,6 +284,12 @@ _FX void SbieDll_GetReadablePaths(WCHAR path_code, const WCHAR *path, LIST **lis
lists[2] = &Dll_PathListAnchor->read_key_path; lists[2] = &Dll_PathListAnchor->read_key_path;
lists[3] = NULL; lists[3] = NULL;
} else if (path_code == L'i') {
lists[0] = &Dll_PathListAnchor->normal_ipc_path;
lists[1] = &Dll_PathListAnchor->open_ipc_path;
lists[2] = NULL;
} }
} }
@ -512,7 +518,7 @@ _FX ULONG SbieDll_MatchPath2(WCHAR path_code, const WCHAR *path, BOOLEAN bCheckO
int match_len; int match_len;
ULONG level; ULONG level;
BOOLEAN use_rule_specificity = (path_code == L'f' || path_code == L'k') && (Dll_ProcessFlags & SBIE_FLAG_RULE_SPECIFICITY) != 0; BOOLEAN use_rule_specificity = (path_code == L'f' || path_code == L'k' || path_code == L'i') && (Dll_ProcessFlags & SBIE_FLAG_RULE_SPECIFICITY) != 0;
// //
// set default behavioure // set default behavioure
@ -520,13 +526,13 @@ _FX ULONG SbieDll_MatchPath2(WCHAR path_code, const WCHAR *path, BOOLEAN bCheckO
level = 3; // 3 - global default - lower is better, 3 is max value level = 3; // 3 - global default - lower is better, 3 is max value
match_len = 0; match_len = 0;
if ((path_code != L'f' && path_code != L'k') || (Dll_ProcessFlags & SBIE_FLAG_PRIVACY_MODE) == 0) { if ((path_code == L'f' || path_code == L'k' || path_code == L'i') && (Dll_ProcessFlags & SBIE_FLAG_PRIVACY_MODE) != 0) {
mp_flags = 0; // normal mode mp_flags = PATH_WRITE_FLAG; // write path mode
} }
else { else {
mp_flags = PATH_WRITE_FLAG; // write path mode mp_flags = 0; // normal mode
} }
// //
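Review bot: The test `path_code == L'f' || path_code == L'k' || path_code == L'i'` now appears twice in SbieDll_MatchPath2 (the `use_rule_specificity` initialiser and the privacy-mode branch) and will drift the next time a path code is added; compute it once, e.g. `BOOLEAN rule_based = (path_code == L'f' || path_code == L'k' || path_code == L'i');`, and use it in both places. In the first hunk the new `L'i'` branch of SbieDll_GetReadablePaths fills only `normal_ipc_path` and `open_ipc_path`, whereas the `L'k'` branch above it also has a read list; if IPC paths have no read list that is fine, but a short comment (`// ipc has no read-only list`) would stop a reader from assuming an entry was forgotten. Both functions extend beyond the hunks shown.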


@ -341,6 +341,9 @@ static void *File_Wow64DisableWow64FsRedirection = NULL;
static void *File_Wow64RevertWow64FsRedirection = NULL; static void *File_Wow64RevertWow64FsRedirection = NULL;
#endif WOW64_FS_REDIR #endif WOW64_FS_REDIR
static WCHAR *File_SysVolume = NULL;
static ULONG File_SysVolumeLen = 0;
static WCHAR *File_AllUsers = NULL; static WCHAR *File_AllUsers = NULL;
static ULONG File_AllUsersLen = 0; static ULONG File_AllUsersLen = 0;


@ -4108,3 +4108,23 @@ _FX void File_UnScrambleShortName(WCHAR* ShortName, ULONG ScramKey)
if (ShortName[ShortNameLength - 1] == L'.') if (ShortName[ShortNameLength - 1] == L'.')
ShortName[ShortNameLength-- - 1] = 0; ShortName[ShortNameLength-- - 1] = 0;
} }
//---------------------------------------------------------------------------
// Key_CreateBaseFolders
//---------------------------------------------------------------------------
_FX void Key_CreateBaseFolders()
{
//
// in privacy mode we need to pre create some folders or else programs may fail
//
File_CreateBoxedPath(File_SysVolume);
if (SbieApi_QueryConfBool(NULL, L"SeparateUserFolders", TRUE)) {
File_CreateBoxedPath(File_AllUsers);
File_CreateBoxedPath(File_CurrentUser);
}
}
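Review bot: Key_CreateBaseFolders hands `File_SysVolume`, `File_AllUsers` and `File_CurrentUser` straight to `File_CreateBoxedPath` without checking that they were initialised; if it can run before `File_InitPathList` (where `File_SysVolume` is allocated in another hunk of this commit), or if that allocation failed, a NULL pointer reaches the path code. Either guard each call, `if (File_SysVolume) File_CreateBoxedPath(File_SysVolume);`, or add a comment above the function stating the required initialisation order so the dependency is explicit. The return value of `File_CreateBoxedPath`, if it has one, is ignored; a comment saying failure is deliberately best-effort here would make that clear. On naming, the function carries the `Key_` prefix but lives among the `File_*` routines and only touches files; `File_CreateBaseFolders` would match the file's convention.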


@ -297,6 +297,9 @@ _FX void File_InitPathList(void)
UNICODE_STRING objname; UNICODE_STRING objname;
IO_STATUS_BLOCK MyIoStatusBlock; IO_STATUS_BLOCK MyIoStatusBlock;
HANDLE handle; HANDLE handle;
WCHAR *buf, *ptr;
// why do we do that?
RtlInitUnicodeString(&objname, L"\\SystemRoot"); RtlInitUnicodeString(&objname, L"\\SystemRoot");
InitializeObjectAttributes( InitializeObjectAttributes(
@ -304,6 +307,26 @@ _FX void File_InitPathList(void)
handle = 0; handle = 0;
NtOpenFile(&handle, FILE_READ_DATA, &objattrs, NtOpenFile(&handle, FILE_READ_DATA, &objattrs,
&MyIoStatusBlock, FILE_SHARE_VALID_FLAGS, 0); &MyIoStatusBlock, FILE_SHARE_VALID_FLAGS, 0);
// since we do that for some reason lets use it to get the system volume
const ULONG PATH_BUF_LEN = 1024;
buf = Dll_AllocTemp(PATH_BUF_LEN);
if (NT_SUCCESS(File_GetFileName(handle, PATH_BUF_LEN, buf)) && (ptr = wcsrchr(buf, L'\\')) != NULL)
ptr[1] = L'\0'; // strip the folder name
else // fallback
wcscpy(buf, L"\\??\\C:\\");
File_SysVolumeLen = wcslen(buf);
File_SysVolume =
Dll_Alloc((File_SysVolumeLen + 1) * sizeof(WCHAR));
wcscpy(File_SysVolume, buf);
Dll_Free(buf);
//
if (handle) if (handle)
NtClose(handle); NtClose(handle);
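Review bot: `Dll_Alloc((File_SysVolumeLen + 1) * sizeof(WCHAR))` is written to with `wcscpy` without a NULL check, and the `NtOpenFile` status above is still ignored so `File_GetFileName` may be handed `handle == 0`; the `NT_SUCCESS` test lets the fallback absorb the second case, but the first needs a check or a comment that `Dll_Alloc` never returns NULL, if that is its contract. The fallback `L"\\??\\C:\\"` hard-codes the system drive and uses the DOS-device form, while the success path keeps whatever `File_GetFileName` returns (presumably a `\Device\...` name), so consumers of `File_SysVolume` may see two different namespace shapes; this deserves a comment or a consistent form. Whether `PATH_BUF_LEN` is a byte or a WCHAR count for `File_GetFileName` is not visible here; confirm and put the unit in the constant's name. The comments `// why do we do that?` and `// since we do that for some reason` should be replaced by the actual reason the `\SystemRoot` open exists, e.g. `// open \SystemRoot so its resolved device path can be queried for the system volume`.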


@ -97,7 +97,8 @@
//#define SBIE_FLAG_BLOCK_FAKE_INPUT 0x00001000 //#define SBIE_FLAG_BLOCK_FAKE_INPUT 0x00001000
#define SBIE_FLAG_OPEN_ALL_WIN_CLASS 0x00002000 #define SBIE_FLAG_OPEN_ALL_WIN_CLASS 0x00002000
//#define SBIE_FLAG_BLOCK_SYS_PARAM 0x00004000 //#define SBIE_FLAG_BLOCK_SYS_PARAM 0x00004000
//0x00008000 #define SBIE_FLAG_WIN32K_HOOKABLE 0x00008000
//0x00010000 //0x00010000
//0x00020000 //0x00020000
//0x00040000 //0x00040000
@ -106,6 +107,7 @@
//0x00200000 //0x00200000
//0x00400000 //0x00400000
//0x00800000 //0x00800000
#define SBIE_FLAG_APP_COMPARTMENT 0x01000000 #define SBIE_FLAG_APP_COMPARTMENT 0x01000000
#define SBIE_FLAG_PRIVACY_MODE 0x02000000 #define SBIE_FLAG_PRIVACY_MODE 0x02000000
#define SBIE_FLAG_RULE_SPECIFICITY 0x04000000 #define SBIE_FLAG_RULE_SPECIFICITY 0x04000000


@ -764,18 +764,17 @@ _FX NTSTATUS Driver_Api_Unload(PROCESS *proc, ULONG64 *parms)
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
// Driver_CheckThirdParty // Driver_GetRegDword
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
_FX BOOLEAN Driver_CheckThirdParty( _FX ULONG Driver_GetRegDword(
const WCHAR *DriverName, ULONG DriverType) const WCHAR *KeyPath, const WCHAR *ValueName)
{ {
NTSTATUS status; NTSTATUS status;
RTL_QUERY_REGISTRY_TABLE qrt[2]; RTL_QUERY_REGISTRY_TABLE qrt[2];
UNICODE_STRING uni; UNICODE_STRING uni;
ULONG value; ULONG value;
BOOLEAN IsInstalled = FALSE;
value = -1; value = -1;
@ -787,28 +786,25 @@ _FX BOOLEAN Driver_CheckThirdParty(
qrt[0].Flags = RTL_QUERY_REGISTRY_REQUIRED | qrt[0].Flags = RTL_QUERY_REGISTRY_REQUIRED |
RTL_QUERY_REGISTRY_DIRECT | RTL_QUERY_REGISTRY_DIRECT |
RTL_QUERY_REGISTRY_NOEXPAND; RTL_QUERY_REGISTRY_NOEXPAND;
qrt[0].Name = (WCHAR *)L"Type"; qrt[0].Name = (WCHAR *)ValueName;
qrt[0].EntryContext = &uni; qrt[0].EntryContext = &uni;
qrt[0].DefaultType = REG_NONE; qrt[0].DefaultType = REG_NONE;
status = RtlQueryRegistryValues( status = RtlQueryRegistryValues(
RTL_REGISTRY_SERVICES, DriverName, qrt, NULL, NULL); RTL_REGISTRY_ABSOLUTE, KeyPath, qrt, NULL, NULL);
if (status == STATUS_SUCCESS) { if (status != STATUS_SUCCESS)
return 0;
if (value == -1) { if (value == -1) {
// //
// if value is not string, RtlQueryRegistryValues writes // if value is not string, RtlQueryRegistryValues writes
// it directly into EntryContext // it directly into EntryContext
// //
value = *(ULONG *)&uni; value = *(ULONG *)&uni;
}
if (value == DriverType)
IsInstalled = TRUE;
} }
return IsInstalled; return value;
} }
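Review bot: Driver_GetRegDword returns `0` both when `RtlQueryRegistryValues` fails and when the stored DWORD is genuinely 0, so callers cannot tell "value absent" from "value is zero"; the HVCI check in Syscall_Init reads that 0 as "HVCI disabled", which turns a failed read into fail-open behaviour. Consider returning success separately and passing the value out, e.g. `_FX BOOLEAN Driver_GetRegDword(const WCHAR *KeyPath, const WCHAR *ValueName, ULONG *Value)`, or at minimum documenting the ambiguity in the header comment: `// returns the DWORD value, or 0 if the key/value is missing or not a DWORD`. The `value = -1` sentinel inherited from Driver_CheckThirdParty also misreads a genuine 0xFFFFFFFF as "not written directly"; pre-existing, but now exposed through a general-purpose accessor. The function body is split across the two hunks of this section.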


@ -104,7 +104,8 @@ extern P_NtSetInformationToken ZwSetInformationToken;
NTSTATUS Driver_Api_Unload(PROCESS *proc, ULONG64 *parms); NTSTATUS Driver_Api_Unload(PROCESS *proc, ULONG64 *parms);
BOOLEAN Driver_CheckThirdParty(const WCHAR *DriverName, ULONG DriverType); ULONG Driver_GetRegDword(
const WCHAR *KeyPath, const WCHAR *ValueName);
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------


@ -176,11 +176,10 @@ _FX BOOLEAN Key_Init_XpHook(void)
return FALSE; return FALSE;
Key_ParseHooked = TRUE; Key_ParseHooked = TRUE;
if (Driver_CheckThirdParty(L"klif", SERVICE_KERNEL_DRIVER)) if (Driver_GetRegDword(L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\" L"klif", L"Type") == SERVICE_KERNEL_DRIVER)
Key_HookWaitForSingleObject(); Key_HookWaitForSingleObject();
if (Driver_CheckThirdParty(L"SAVOnAccessControl", if (Driver_GetRegDword(L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\" L"SAVOnAccessControl", L"Type") == SERVICE_FILE_SYSTEM_DRIVER)
SERVICE_FILE_SYSTEM_DRIVER))
Key_NeverUnmountHives = TRUE; Key_NeverUnmountHives = TRUE;
return TRUE; return TRUE;
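Review bot: The `\\Registry\\Machine\\System\\CurrentControlSet\\Services\\` prefix is now spelled out at both call sites in Key_Init_XpHook, replacing what `RTL_REGISTRY_SERVICES` supplied before; one constant avoids the duplication and typo risk, e.g. `#define DRIVER_SERVICES_KEY L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\"` (constructed name) and then `Driver_GetRegDword(DRIVER_SERVICES_KEY L"klif", L"Type")`. Because Driver_GetRegDword returns 0 when the key is missing, the comparisons against `SERVICE_KERNEL_DRIVER` and `SERVICE_FILE_SYSTEM_DRIVER` still behave as before for absent services, since neither constant is 0; a short comment noting that reliance would keep it from being broken later. Key_Init_XpHook starts outside the hunk.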


@ -380,11 +380,14 @@ _FX NTSTATUS Process_Api_QueryInfo(PROCESS *proc, ULONG64 *parms)
if (proc->open_all_win_classes) if (proc->open_all_win_classes)
flags |= SBIE_FLAG_OPEN_ALL_WIN_CLASS; flags |= SBIE_FLAG_OPEN_ALL_WIN_CLASS;
extern ULONG Syscall_MaxIndex32;
if (Syscall_MaxIndex32 != 0)
flags |= SBIE_FLAG_WIN32K_HOOKABLE;
//if (proc->use_rule_specificity) if (proc->use_rule_specificity)
// flags |= SBIE_FLAG_RULE_SPECIFICITY; flags |= SBIE_FLAG_RULE_SPECIFICITY;
//if (proc->use_privacy_mode) if (proc->use_privacy_mode)
// flags |= SBIE_FLAG_PRIVACY_MODE; flags |= SBIE_FLAG_PRIVACY_MODE;
if (proc->bAppCompartment) if (proc->bAppCompartment)
flags |= SBIE_FLAG_APP_COMPARTMENT; flags |= SBIE_FLAG_APP_COMPARTMENT;
} }
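Review bot: `extern ULONG Syscall_MaxIndex32;` is declared inside the body of Process_Api_QueryInfo; a block-scope extern hides the dependency from the header and will silently diverge if the definition's type ever changes, so it belongs in the syscall header next to the other `Syscall_*` declarations. If `Syscall_MaxIndex32` is defined only under `#ifdef HOOK_WIN32K` (the other hunks of this commit use it inside that guard), this reference needs the same guard or the build without HOOK_WIN32K will fail to link. A comment such as `// win32k hooking is offered to the process only if the driver found a win32k syscall table` would explain why the flag depends on the index rather than on configuration. The function body extends beyond the hunk.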


@ -221,8 +221,24 @@ _FX BOOLEAN Syscall_Init(void)
return FALSE; return FALSE;
#ifdef HOOK_WIN32K #ifdef HOOK_WIN32K
// must be windows 10 or later // Don't use experimental features by default
if (Driver_OsBuild >= 10041 && Conf_Get_Boolean(NULL, L"EnableWin32kHooks", 0, TRUE)) { //
// Win32k Hooking requirers 10 or later as only thre Win32u.dll is available
//
// Note: Win32k Hooking is not compatible with HVCI causing a BSOD
// KERNEL_SECURITY_CHECK_FAILURE (139)
// A kernel component has corrupted a critical data structure.
// Arguments:
// Arg1: 0000000000000000, A stack-based buffer has been overrun.
// Arg2: 0000000000000000, Address of the trap frame for the exception that caused the bugcheck
// Arg3: 0000000000000000, Address of the exception record for the exception that caused the bugcheck
// Arg4: ffffxxxxxxxxxxxx, Reserved
//
// Note: this feature applied to GdiDdDDI* solves HW Acceleration issues with chromium, hence we enable it if possible
//
if (Driver_OsBuild >= 10041 && Conf_Get_Boolean(NULL, L"EnableWin32kHooks", 0, TRUE)
&& Driver_GetRegDword(L"\\Registry\\Machine\\System\\CurrentControlSet\\Control\\DeviceGuard\\Scenarios\\HypervisorEnforcedCodeIntegrity", L"Enabled") == 0) {
if (!Syscall_Init_List32()) if (!Syscall_Init_List32())
return FALSE; return FALSE;
@ -1034,10 +1050,10 @@ _FX NTSTATUS Syscall_Api_Query(PROCESS *proc, ULONG64 *parms)
SYSCALL_ENTRY *entry; SYSCALL_ENTRY *entry;
#ifdef HOOK_WIN32K #ifdef HOOK_WIN32K
if (parms[2] == 1) { // win32k if (parms[2] == 1) { // 1 - win32k
return Syscall_Api_Query32(proc, parms); return Syscall_Api_Query32(proc, parms);
} }
else if (parms[2] != 0) { // ntoskrnl else if (parms[2] != 0) { // 0 - ntoskrnl
return STATUS_INVALID_PARAMETER; return STATUS_INVALID_PARAMETER;
} }
#endif #endif
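Review bot: The HVCI test in Syscall_Init reads the `DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity\Enabled` registry value, which reflects configured policy rather than the running state, and Driver_GetRegDword yields 0 when the value is absent or the read fails, so the condition fails open and win32k hooking — the very thing the new comment documents as bug-checking under HVCI — is enabled whenever the value cannot be read. HVCI may be active without that value being present (e.g. enabled by default or through another policy path) and the value may still read 1 after it was switched off pending a reboot, so the effective state should be queried instead; kernel code can call `ZwQuerySystemInformation(SystemCodeIntegrityInformation, ...)` and test `CodeIntegrityOptions & CODEINTEGRITY_OPTION_HVCI_KMCI_ENABLED`, treating a failed query as "unknown, do not hook". Until that lands, the registry read failure should at least be distinguished from a stored 0 rather than both landing on the hooking path. The comment block should also read `requires` and `the`, and the pasted bugcheck dump could be reduced to the one line that matters, e.g. `// hooking win32k syscalls under HVCI bugchecks with KERNEL_SECURITY_CHECK_FAILURE (139)`.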


@ -601,6 +601,9 @@ _FX NTSTATUS Syscall_Api_Query32(PROCESS *proc, ULONG64 *parms)
ULONG *ptr; ULONG *ptr;
SYSCALL_ENTRY *entry; SYSCALL_ENTRY *entry;
if (Syscall_MaxIndex32 == 0)
return STATUS_NOT_IMPLEMENTED;
BOOLEAN add_names = parms[3] != 0; BOOLEAN add_names = parms[3] != 0;
// //