mirrors/Sandboxie
mirrors
/
Sandboxie
mirror of https://github.com/sandboxie-plus/Sandboxie.git
1
0
Fork 0
Code Releases Activity

1.1.0

This commit is contained in:
DavidXanatos 2022-02-13 13:27:26 +01:00
parent 9d8ef41fb5
commit e94568b3a4
28 changed files with 557 additions and 370 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
CHANGELOG.md
View File

@ -6,57 +6,79 @@ This project adheres to [Semantic Versioning](http://semver.org/).
# [1.1.0 / 5.56.0] - 2022-01-06 ## [1.1.0 / 5.56.0] - 2022-01-??
### Added ### Added
- added support for NtRenameKey (this requires UseRegDeleteV2=y) [#205](https://github.com/sandboxie-plus/Sandboxie/issues/205) - added support for NtRenameKey (this requires UseRegDeleteV2=y) [#205](https://github.com/sandboxie-plus/Sandboxie/issues/205)
- FIXED SECURITY ISSUE: memory of unsandboxed processes can no longer be read, except for exceptions
- added ReadIpcPath to enable more flexibility in IPC usage
### Changed ### Changed
- reworked the mechanism sandboxie uses to mark host files as deleted - reworked the mechanism sandboxie uses to mark host files as deleted
-- the new behavioure creates a data file in the box root FilePaths.dat instead of creating dummy files -- the new behavioure creates a data file in the box root FilePaths.dat instead of creating dummy files
-- it can be enabled with UseFileDeleteV2=y sane for the registry UseRegDeleteV2=y using RegPaths.dat -- it can be enabled with UseFileDeleteV2=y sane for the registry UseRegDeleteV2=y using RegPaths.dat
- disabled a couple driver based workarounds for boxes in compartment mode as then thay should not be required - disabled a couple driver based workarounds for boxes in compartment mode as then thay should not be required
- removed "AlwaysUseWin32kHooks", now these win32 hooks are always enabled
-- note: you can use "UseWin32kHooks=program.exe,n" to disable them for sellected programs
- EnableObjectFiltering is now set enabled by default, and replaces sbies old process/thread handle filter
### Fixed ### Fixed
- fixed folder rename issues (this requires UseFileDeleteV2=y) [#71](https://github.com/sandboxie-plus/Sandboxie/issues/71) - fixed folder rename issues (this requires UseFileDeleteV2=y) [#71](https://github.com/sandboxie-plus/Sandboxie/issues/71)
- fixed issue with process access [#1603](https://github.com/sandboxie-plus/Sandboxie/issues/1603)
## [1.0.11 / 5.55.11] - 2022-02-14
# [1.0.10 / 5.55.10] - 2022-01-06
### Added ### Added
- added option to show only boxes in tray with runnign processes [#1186](https://github.com/sandboxie-plus/Sandboxie/issues/1186) - added optional tray notification when a box content gets auto deleted
-- additional option show only pinned bixes, in box options a bix can be set to be always shown in theay list (Pinned) - added FreeDownloadManager template
- added options menu command to reset the GUI [#1589](https://github.com/sandboxie-plus/Sandboxie/issues/1589) - added warnign when opening unsandboxed regedit [#1606](https://github.com/sandboxie-plus/Sandboxie/issues/1606)
- added 'Run Un-Sandboxed' context menu option
- added new trigger "OnBoxDelete" that allows to specify a command that is run UNBOXED just before the box content gets deleted
-- note: this can be used as a replacemetn to the DeleteCommand [#591](https://github.com/sandboxie-plus/Sandboxie/issues/591)
- sellected box operations (deletion) no longer show the progress dialog [1061](https://github.com/sandboxie-plus/Sandboxie/issues/1061)
-- instead a box with a running operation show a blinking hour glass icon, the context menu can be used to cancel the operation
### Changed ### Changed
- HideHostProcess=program.exe can now be used to hide sandboxie services [#1336](https://github.com/sandboxie-plus/Sandboxie/issues/1336) - the asynchroniouse box operations introduced in the last build are due to a pupular request now disabled by default
- moved sys tray options from general to shell integration tab
### Fixed
- fixed compatybility issue with SECUROM [#1597](https://github.com/sandboxie-plus/Sandboxie/issues/1597)
- fixed modality issue [#1615](https://github.com/sandboxie-plus/Sandboxie/issues/1615)
## [1.0.10 / 5.55.10] - 2022-02-06
### Added
- added option to show only boxes in tray with running processes [#1186](https://github.com/sandboxie-plus/Sandboxie/issues/1186)
-- additional option shows only pinned boxes, in box options a box can be set to be always shown in tray list (Pinned)
- added Options menu command to reset the GUI [#1589](https://github.com/sandboxie-plus/Sandboxie/issues/1589)
- added `Run Un-Sandboxed` context menu option
- added new trigger `OnBoxDelete` that allows to specify a command that is run UNBOXED just before the box content gets deleted
-- note: this can be used as a replacement to `DeleteCommand` [#591](https://github.com/sandboxie-plus/Sandboxie/issues/591)
- selected box operations (deletion) no longer show the progress dialog [#1061](https://github.com/sandboxie-plus/Sandboxie/issues/1061)
-- if a box with a running operation shows a blinking hour glass icon, the context menu can be used to cancel the operation
### Changed
- `HideHostProcess=program.exe` can now be used to hide sandboxie services [#1336](https://github.com/sandboxie-plus/Sandboxie/issues/1336)
- updater blocking is now done using a template called BlockSoftwareUpdaters - updater blocking is now done using a template called BlockSoftwareUpdaters
- enchanced "StartProgram=..." making "StartCommand=..." obsolete - enhanced `StartProgram=...` makes `StartCommand=...` obsolete
-- for same functionality as "StartCommand=..." use "StartProgram=%SbieHome%\Start.exe ..." -- for same functionality as `StartCommand=...`, use `StartProgram=%SbieHome%\Start.exe ...`
- merged "Auto Start" General tab with the "Auto Exec" Advanced tab into a universal"Triggers" Advanced tab - merged `Auto Start` General tab with the `Auto Exec` Advanced tab into a universal `Triggers` Advanced tab
### Fixed ### Fixed
- fixed a couple issues with the new breakout process feature and improved security (thanks Diversenok) - fixed a couple issues with the new breakout process feature and improved security (thanks Diversenok)
- fixed issues with re opening already open windows [#1584](https://github.com/sandboxie-plus/Sandboxie/issues/1584) - fixed issues with re-opening windows already open [#1584](https://github.com/sandboxie-plus/Sandboxie/issues/1584)
- fixed issue with desktop access [#1588](https://github.com/sandboxie-plus/Sandboxie/issues/1588) - fixed issue with desktop access [#1588](https://github.com/sandboxie-plus/Sandboxie/issues/1588)
- fixed issue handling commandline invokation [#1133](https://github.com/sandboxie-plus/Sandboxie/issues/1133) - fixed issue about command line invocation handling [#1133](https://github.com/sandboxie-plus/Sandboxie/issues/1133)
- fixed ui issue with main window state when switching always on top attribute [#1169](https://github.com/sandboxie-plus/Sandboxie/issues/1169) - fixed UI issue with main window state when switching always on top attribute [#1169](https://github.com/sandboxie-plus/Sandboxie/issues/1169)
- fixed issue with box context menu in tray list [1106](https://github.com/sandboxie-plus/Sandboxie/issues/1106) - fixed issue with box context menu in tray list [1106](https://github.com/sandboxie-plus/Sandboxie/issues/1106)
- fixed issue with "AutoExec=..." - fixed issue with `AutoExec=...`
- fixed issues canceling box deletion operations didn't working [1061](https://github.com/sandboxie-plus/Sandboxie/issues/1061) - fixed issues where canceling box deletion operations didn't work [#1061](https://github.com/sandboxie-plus/Sandboxie/issues/1061)
- fixed issue with DPI scalling and color picker dialog [#803](https://github.com/sandboxie-plus/Sandboxie/issues/803) - fixed issue with DPI scalling and color picker dialog [#803](https://github.com/sandboxie-plus/Sandboxie/issues/803)
### Removed ### Removed
- removed UseRpcMgmtSetComTimeout=AppXDeploymentClient.dll,y used for free download manager as it broke other things - removed `UseRpcMgmtSetComTimeout=AppXDeploymentClient.dll,y` used for Free Download Manager as it broke other things
-- when using free download manager ad the line manually to your sandboxie.ini -- only if you use Free Download Manager together with the setting `RpcMgmtSetComTimeout=n` in a sandbox, you have to add the line manually to your Sandboxie.ini

6
Sandboxie/common/pool.c
View File

@ -373,7 +373,7 @@ static const WCHAR *Pool_large_chunks_lock_Name = L"PoolLockL";
ALIGNED void *Pool_Alloc_Mem(ULONG size, ULONG tag) ALIGNED void *Pool_Alloc_Mem(ULONG size, ULONG tag)
{ {
void *ptr; void *ptr = NULL;
Pool_Timing(NULL); Pool_Timing(NULL);
@ -382,7 +382,9 @@ ALIGNED void *Pool_Alloc_Mem(ULONG size, ULONG tag)
#ifdef KERNEL_MODE #ifdef KERNEL_MODE
ptr = ExAllocatePoolWithTag(PagedPool, size, tag); ptr = ExAllocatePoolWithTag(PagedPool, size, tag);
#else #else
ptr = VirtualAlloc(0, size, MEM_RESERVE | MEM_COMMIT | MEM_TOP_DOWN, //ptr = VirtualAlloc(0, size, MEM_RESERVE | MEM_COMMIT | MEM_TOP_DOWN,
ULONG_PTR RegionSize = size;
NtAllocateVirtualMemory(NtCurrentProcess(), &ptr, 0, &RegionSize, MEM_RESERVE | MEM_COMMIT | MEM_TOP_DOWN,
((UCHAR)tag == 0xFF ? PAGE_EXECUTE_READWRITE : PAGE_READWRITE)); ((UCHAR)tag == 0xFF ? PAGE_EXECUTE_READWRITE : PAGE_READWRITE));
#endif #endif
// printf("Allocated %d bytes at %08X\n", size, ptr); // printf("Allocated %d bytes at %08X\n", size, ptr);

9
Sandboxie/common/wow64ext/CMemPtr.h
View File

@ -34,14 +34,21 @@ public:
{ {
if (*m_ptr && watchActive) if (*m_ptr && watchActive)
{ {
free(*m_ptr); HeapFree(GetProcessHeap(), 0, *m_ptr);
*m_ptr = 0; *m_ptr = 0;
} }
} }
static void* Alloc(size_t size) {
return HeapAlloc(GetProcessHeap(), 0, size);
}
void disableWatch() { watchActive = false; } void disableWatch() { watchActive = false; }
}; };
#define NEW(size) \
CMemPtr::Alloc(size)
#define WATCH(ptr) \ #define WATCH(ptr) \
CMemPtr watch_##ptr((void**)&ptr) CMemPtr watch_##ptr((void**)&ptr)

19
Sandboxie/common/wow64ext/wow64ext.cpp
View File

@ -37,17 +37,6 @@
//HANDLE g_heap; //HANDLE g_heap;
BOOL g_isWow64 = TRUE; BOOL g_isWow64 = TRUE;
void* malloc(size_t size)
{
return HeapAlloc(GetProcessHeap(), 0, size);
}
void free(void* ptr)
{
if (nullptr != ptr)
HeapFree(GetProcessHeap(), 0, ptr);
}
#include "CMemPtr.h" #include "CMemPtr.h"
/*int _wcsicmp(const wchar_t *string1, const wchar_t *string2) /*int _wcsicmp(const wchar_t *string1, const wchar_t *string2)
@ -329,7 +318,7 @@ extern "C" DWORD64 __cdecl GetModuleHandle64(const wchar_t* lpModuleName)
{ {
getMem64(&head, head.InLoadOrderLinks.Flink, sizeof(LDR_DATA_TABLE_ENTRY64)); getMem64(&head, head.InLoadOrderLinks.Flink, sizeof(LDR_DATA_TABLE_ENTRY64));
wchar_t* tempBuf = (wchar_t*)malloc(head.BaseDllName.MaximumLength); wchar_t* tempBuf = (wchar_t*)NEW(head.BaseDllName.MaximumLength);
if (nullptr == tempBuf) if (nullptr == tempBuf)
return 0; return 0;
WATCH(tempBuf); WATCH(tempBuf);
@ -373,19 +362,19 @@ DWORD64 getLdrGetProcedureAddress()
IMAGE_EXPORT_DIRECTORY ied; IMAGE_EXPORT_DIRECTORY ied;
getMem64(&ied, modBase + idd.VirtualAddress, sizeof(ied)); getMem64(&ied, modBase + idd.VirtualAddress, sizeof(ied));
DWORD* rvaTable = (DWORD*)malloc(sizeof(DWORD)*ied.NumberOfFunctions); DWORD* rvaTable = (DWORD*)NEW(sizeof(DWORD)*ied.NumberOfFunctions);
if (nullptr == rvaTable) if (nullptr == rvaTable)
return 0; return 0;
WATCH(rvaTable); WATCH(rvaTable);
getMem64(rvaTable, modBase + ied.AddressOfFunctions, sizeof(DWORD)*ied.NumberOfFunctions); getMem64(rvaTable, modBase + ied.AddressOfFunctions, sizeof(DWORD)*ied.NumberOfFunctions);
WORD* ordTable = (WORD*)malloc(sizeof(WORD)*ied.NumberOfFunctions); WORD* ordTable = (WORD*)NEW(sizeof(WORD)*ied.NumberOfFunctions);
if (nullptr == ordTable) if (nullptr == ordTable)
return 0; return 0;
WATCH(ordTable); WATCH(ordTable);
getMem64(ordTable, modBase + ied.AddressOfNameOrdinals, sizeof(WORD)*ied.NumberOfFunctions); getMem64(ordTable, modBase + ied.AddressOfNameOrdinals, sizeof(WORD)*ied.NumberOfFunctions);
DWORD* nameTable = (DWORD*)malloc(sizeof(DWORD)*ied.NumberOfNames); DWORD* nameTable = (DWORD*)NEW(sizeof(DWORD)*ied.NumberOfNames);
if (nullptr == nameTable) if (nullptr == nameTable)
return 0; return 0;
WATCH(nameTable); WATCH(nameTable);

9
Sandboxie/core/dll/Win32.c
View File

@ -393,21 +393,20 @@ _FX BOOLEAN Win32_Init(HMODULE hmodule)
if (Dll_OsBuild < 10041 || (Dll_ProcessFlags & SBIE_FLAG_WIN32K_HOOKABLE) == 0 || !SbieApi_QueryConfBool(NULL, L"EnableWin32kHooks", TRUE)) if (Dll_OsBuild < 10041 || (Dll_ProcessFlags & SBIE_FLAG_WIN32K_HOOKABLE) == 0 || !SbieApi_QueryConfBool(NULL, L"EnableWin32kHooks", TRUE))
return TRUE; // just return on older builds, or not enabled return TRUE; // just return on older builds, or not enabled
if (Dll_CompartmentMode || SbieApi_data->flags.bNoSysHooks)
return TRUE;
// disable Electron Workaround when we are ready to hook the required win32k syscalls // disable Electron Workaround when we are ready to hook the required win32k syscalls
extern BOOL Dll_ElectronWorkaround; extern BOOL Dll_ElectronWorkaround;
Dll_ElectronWorkaround = FALSE; Dll_ElectronWorkaround = FALSE;
if (Dll_CompartmentMode || SbieApi_data->flags.bNoSysHooks)
return TRUE;
// //
// chrome needs for a working GPU acceleration the GdiDdDDI* win32k syscalls to have the right user token // chrome needs for a working GPU acceleration the GdiDdDDI* win32k syscalls to have the right user token
// //
WCHAR* cmdline = GetCommandLine(); WCHAR* cmdline = GetCommandLine();
if ((wcsstr(cmdline, L"--type=gpu-process") != NULL && wcsstr(cmdline, L"--gpu-preferences=") != NULL) if (SbieDll_GetSettingsForName_bool(NULL, Dll_ImageName, L"UseWin32kHooks", TRUE)) {
|| SbieDll_GetSettingsForName_bool(NULL, Dll_ImageName, L"AlwaysUseWin32kHooks", FALSE)) {
#ifndef _WIN64 #ifndef _WIN64
if (Dll_IsWow64) if (Dll_IsWow64)

10
Sandboxie/core/dll/debug.c
View File

@ -407,15 +407,13 @@ void DbgPrint(const char* format, ...)
va_list va_args; va_list va_args;
va_start(va_args, format); va_start(va_args, format);
char *tmp1 = Dll_AllocTemp(510); char tmp1[510];
extern int(*P_vsnprintf)(char *_Buffer, size_t Count, const char * const, va_list Args); extern int(*P_vsnprintf)(char *_Buffer, size_t Count, const char * const, va_list Args);
P_vsnprintf(tmp1, 510, format, va_args); P_vsnprintf(tmp1, 510, format, va_args);
OutputDebugStringA(tmp1); OutputDebugStringA(tmp1);
Dll_Free(tmp1);
va_end(va_args); va_end(va_args);
} }
@ -431,18 +429,16 @@ void DbgTrace(const char* format, ...)
va_list va_args; va_list va_args;
va_start(va_args, format); va_start(va_args, format);
char *tmp1 = Dll_AllocTemp(510); char tmp1[510];
WCHAR tmp2[510];
extern int(*P_vsnprintf)(char *_Buffer, size_t Count, const char * const, va_list Args); extern int(*P_vsnprintf)(char *_Buffer, size_t Count, const char * const, va_list Args);
P_vsnprintf(tmp1, 510, format, va_args); P_vsnprintf(tmp1, 510, format, va_args);
WCHAR *tmp2 = Dll_AllocTemp(510*sizeof(WCHAR));
Sbie_snwprintf((WCHAR *)tmp2, 510, L"%S", tmp1); Sbie_snwprintf((WCHAR *)tmp2, 510, L"%S", tmp1);
SbieApi_MonitorPut2(MONITOR_OTHER | MONITOR_TRACE, tmp2, FALSE); SbieApi_MonitorPut2(MONITOR_OTHER | MONITOR_TRACE, tmp2, FALSE);
Dll_Free(tmp1);
va_end(va_args); va_end(va_args);
} }

3
Sandboxie/core/drv/conf.c
View File

@ -1458,8 +1458,7 @@ _FX NTSTATUS Conf_Api_Reload(PROCESS *proc, ULONG64 *parms)
} }
} }
BOOLEAN obj_filter_enabled = Conf_Get_Boolean(NULL, L"EnableObjectFiltering", 0, FALSE); BOOLEAN obj_filter_enabled = Conf_Get_Boolean(NULL, L"EnableObjectFiltering", 0, TRUE);
extern BOOLEAN Obj_CallbackInstalled;
if (Obj_CallbackInstalled != obj_filter_enabled && Driver_OsVersion > DRIVER_WINDOWS_VISTA) { if (Obj_CallbackInstalled != obj_filter_enabled && Driver_OsVersion > DRIVER_WINDOWS_VISTA) {
if (obj_filter_enabled) { if (obj_filter_enabled) {
Obj_Load_Filter(); Obj_Load_Filter();

19
Sandboxie/core/drv/file.c
View File

@ -671,21 +671,18 @@ _FX BOOLEAN File_InitPaths(PROCESS *proc,
// //
ok = Process_GetPaths(proc, normal_file_paths, _NormalPath, TRUE); ok = Process_GetPaths(proc, normal_file_paths, _NormalPath, TRUE);
if (ok && proc->use_privacy_mode) {
for (i = 0; normalpaths[i] && ok; ++i) {
ok = Process_AddPath(
proc, normal_file_paths, NULL, TRUE, normalpaths[i], FALSE);
}
}
if (! ok) { if (! ok) {
Log_MsgP1(MSG_INIT_PATHS, _NormalPath, proc->pid); Log_MsgP1(MSG_INIT_PATHS, _NormalPath, proc->pid);
return FALSE; return FALSE;
} }
if (proc->use_privacy_mode) {
for (i = 0; normalpaths[i] && ok; ++i) {
ok = Process_AddPath(proc, normal_file_paths, _NormalPath, TRUE, normalpaths[i], FALSE);
}
if (!ok) {
Log_MsgP1(MSG_INIT_PATHS, _NormalPath, proc->pid);
return FALSE;
}
}
#endif #endif
// //

8
Sandboxie/core/drv/gui_xp.c
View File

@ -1311,9 +1311,11 @@ _FX ULONG_PTR Gui_NtUserPostThreadMessage(
status = STATUS_SUCCESS; status = STATUS_SUCCESS;
else { else {
status = Gui_CheckBoxedThread(proc, idThread, &idProcess); status = Gui_CheckBoxedThread(proc, idThread, &idProcess);
if (status == STATUS_ACCESS_DENIED) if (status == STATUS_ACCESS_DENIED) {
status = Process_CheckProcessName( if (Process_CheckProcessName(
proc, &proc->open_win_classes, idProcess, NULL); proc, &proc->open_win_classes, idProcess, NULL))
status = STATUS_SUCCESS;
}
} }
if (Session_MonitorCount && !proc->disable_monitor) { if (Session_MonitorCount && !proc->disable_monitor) {

51
Sandboxie/core/drv/ipc.c
View File

@ -157,8 +157,7 @@ _FX BOOLEAN Ipc_Init(void)
if (Driver_OsVersion > DRIVER_WINDOWS_VISTA) { if (Driver_OsVersion > DRIVER_WINDOWS_VISTA) {
// Don't use experimental features by default if (Conf_Get_Boolean(NULL, L"EnableObjectFiltering", 0, TRUE)) {
if (Conf_Get_Boolean(NULL, L"EnableObjectFiltering", 0, FALSE)) {
if (!Obj_Load_Filter()) if (!Obj_Load_Filter())
return FALSE; return FALSE;
@ -381,6 +380,7 @@ _FX BOOLEAN Ipc_InitPaths(PROCESS* proc)
#endif #endif
static const WCHAR* _OpenPath = L"OpenIpcPath"; static const WCHAR* _OpenPath = L"OpenIpcPath";
static const WCHAR* _ClosedPath = L"ClosedIpcPath"; static const WCHAR* _ClosedPath = L"ClosedIpcPath";
static const WCHAR* _ReadPath = L"ReadIpcPath";
static const WCHAR* openpaths[] = { static const WCHAR* openpaths[] = {
L"\\Windows\\ApiPort", L"\\Windows\\ApiPort",
L"\\Sessions\\*\\Windows\\ApiPort", L"\\Sessions\\*\\Windows\\ApiPort",
@ -576,6 +576,10 @@ _FX BOOLEAN Ipc_InitPaths(PROCESS* proc)
// NULL // NULL
//}; //};
#endif #endif
static const WCHAR *readpaths[] = {
L"$:explorer.exe",
NULL
};
ULONG i; ULONG i;
BOOLEAN ok; BOOLEAN ok;
@ -586,21 +590,19 @@ _FX BOOLEAN Ipc_InitPaths(PROCESS* proc)
#ifdef USE_MATCH_PATH_EX #ifdef USE_MATCH_PATH_EX
ok = Process_GetPaths(proc, &proc->normal_ipc_paths, _NormalPath, FALSE); ok = Process_GetPaths(proc, &proc->normal_ipc_paths, _NormalPath, FALSE);
//if (ok && proc->use_privacy_mode) {
//
// for (i = 0; normalpaths[i] && ok; ++i) {
// ok = Process_AddPath(proc, &proc->normal_ipc_paths, NULL,
// TRUE, normalpaths[i], FALSE);
// }
//}
if (!ok) { if (!ok) {
Log_MsgP1(MSG_INIT_PATHS, _NormalPath, proc->pid); Log_MsgP1(MSG_INIT_PATHS, _NormalPath, proc->pid);
return FALSE; return FALSE;
} }
//if (proc->use_privacy_mode) {
// for (i = 0; normalpaths[i] && ok; ++i) {
// ok = Process_AddPath(proc, &proc->normal_ipc_paths, _NormalPath, TRUE, normalpaths[i], FALSE);
// }
//
// if (! ok) {
// Log_MsgP1(MSG_INIT_PATHS, _NormalPath, proc->pid);
// return FALSE;
// }
//}
#endif #endif
// //
@ -696,6 +698,29 @@ _FX BOOLEAN Ipc_InitPaths(PROCESS* proc)
return FALSE; return FALSE;
} }
//
// read-only paths
//
ok = Process_GetPaths(proc, &proc->read_ipc_paths, _ReadPath, TRUE);
if (ok) {
for (i = 0; readpaths[i] && ok; ++i) {
ok = Process_AddPath(proc, &proc->read_ipc_paths, NULL,
TRUE, readpaths[i], FALSE);
}
}
if (! ok) {
Log_MsgP1(MSG_INIT_PATHS, _ReadPath, proc->pid);
return FALSE;
}
//
// other options
//
proc->ipc_warn_startrun = Conf_Get_Boolean( proc->ipc_warn_startrun = Conf_Get_Boolean(
proc->box->name, L"NotifyStartRunAccessDenied", 0, TRUE); proc->box->name, L"NotifyStartRunAccessDenied", 0, TRUE);

8
Sandboxie/core/drv/key.c
View File

@ -260,16 +260,18 @@ _FX BOOLEAN Key_InitProcess(PROCESS *proc)
return FALSE; return FALSE;
} }
if (proc->use_privacy_mode) { if (ok && proc->use_privacy_mode) {
for (i = 0; normalpaths[i] && ok; ++i) { for (i = 0; normalpaths[i] && ok; ++i) {
ok = Process_AddPath(proc, &proc->normal_key_paths, _NormalPath, TRUE, normalpaths[i], FALSE); ok = Process_AddPath(proc, &proc->normal_key_paths, NULL,
TRUE, normalpaths[i], FALSE);
}
} }
if (!ok) { if (!ok) {
Log_MsgP1(MSG_INIT_PATHS, _NormalPath, proc->pid); Log_MsgP1(MSG_INIT_PATHS, _NormalPath, proc->pid);
return FALSE; return FALSE;
} }
}
#endif #endif
// //

3
Sandboxie/core/drv/log.c
View File

@ -237,7 +237,6 @@ _FX void Log_Msg(
const WCHAR *string1, const WCHAR *string1,
const WCHAR *string2) const WCHAR *string2)
{ {
//DbgPrint("Sbie MSG_%d: %S; %S\r\n", (error_code & 0xFFFF), string1, string2);
Log_Msg_Session(error_code, string1, string2, -1); Log_Msg_Session(error_code, string1, string2, -1);
} }
@ -268,6 +267,8 @@ _FX void Log_Msg_Process(
ULONG session_id, ULONG session_id,
HANDLE process_id) HANDLE process_id)
{ {
DbgPrint("Sbie MSG_%d: %S; %S\r\n", (error_code & 0xFFFF), string1, string2);
ULONG facility = (error_code >> 16) & 0x0F; ULONG facility = (error_code >> 16) & 0x0F;
if (facility & MSG_FACILITY_EVENT) if (facility & MSG_FACILITY_EVENT)
Log_Event_Msg(error_code, string1, string2); Log_Event_Msg(error_code, string1, string2);

1
Sandboxie/core/drv/obj.h
View File

@ -91,6 +91,7 @@ extern const OBJECT_NAME_INFORMATION Obj_Unnamed;
extern P_ObGetObjectType pObGetObjectType; extern P_ObGetObjectType pObGetObjectType;
extern P_ObQueryNameInfo pObQueryNameInfo; extern P_ObQueryNameInfo pObQueryNameInfo;
extern BOOLEAN Obj_CallbackInstalled;
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
// Macros Related to ParseProcedure // Macros Related to ParseProcedure

8
Sandboxie/core/drv/obj_flt.c
View File

@ -240,9 +240,7 @@ _FX OB_PREOP_CALLBACK_STATUS Obj_PreOperationCallback(
goto Exit; goto Exit;
PEPROCESS ProcessObject = (PEPROCESS)PreInfo->Object; PEPROCESS ProcessObject = (PEPROCESS)PreInfo->Object;
ACCESS_MASK WriteAccess = (InitialDesiredAccess & PROCESS_DENIED_ACCESS_MASK); if (!NT_SUCCESS(Thread_CheckObject_Common(proc, ProcessObject, InitialDesiredAccess, TRUE))) {
if (!NT_SUCCESS(Thread_CheckObject_Common(
proc, ProcessObject, InitialDesiredAccess, WriteAccess, L'P'))) {
#ifdef DRV_BREAKOUT #ifdef DRV_BREAKOUT
// //
@ -301,9 +299,7 @@ _FX OB_PREOP_CALLBACK_STATUS Obj_PreOperationCallback(
goto Exit; goto Exit;
PEPROCESS ProcessObject = PsGetThreadProcess((PETHREAD)PreInfo->Object); PEPROCESS ProcessObject = PsGetThreadProcess((PETHREAD)PreInfo->Object);
ACCESS_MASK WriteAccess = (InitialDesiredAccess & THREAD_DENIED_ACCESS_MASK); if (!NT_SUCCESS(Thread_CheckObject_Common(proc, ProcessObject, InitialDesiredAccess, FALSE))) {
if (!NT_SUCCESS(Thread_CheckObject_Common(
proc, ProcessObject, InitialDesiredAccess, WriteAccess, L'T'))) {
*DesiredAccess = 0; // deny any access *DesiredAccess = 0; // deny any access
} }
//ObjectTypeName = L"PsThreadType"; //ObjectTypeName = L"PsThreadType";

2
Sandboxie/core/drv/process.c
View File

@ -728,8 +728,6 @@ _FX PROCESS *Process_Create(
proc->dont_open_for_boxed = !proc->bAppCompartment && Conf_Get_Boolean(proc->box->name, L"DontOpenForBoxed", 0, TRUE); proc->dont_open_for_boxed = !proc->bAppCompartment && Conf_Get_Boolean(proc->box->name, L"DontOpenForBoxed", 0, TRUE);
proc->hide_other_boxes = Conf_Get_Boolean(proc->box->name, L"HideOtherBoxes", 0, FALSE);
// //
// privacy mode requirers Rule Specificity // privacy mode requirers Rule Specificity
// //

8
Sandboxie/core/drv/process.h
View File

@ -139,7 +139,6 @@ struct _PROCESS {
BOOLEAN always_close_for_boxed; BOOLEAN always_close_for_boxed;
BOOLEAN dont_open_for_boxed; BOOLEAN dont_open_for_boxed;
BOOLEAN hide_other_boxes;
#ifdef USE_MATCH_PATH_EX #ifdef USE_MATCH_PATH_EX
BOOLEAN use_rule_specificity; BOOLEAN use_rule_specificity;
BOOLEAN use_privacy_mode; BOOLEAN use_privacy_mode;
@ -189,6 +188,7 @@ struct _PROCESS {
#endif #endif
LIST open_ipc_paths; // PATTERN elements LIST open_ipc_paths; // PATTERN elements
LIST closed_ipc_paths; // PATTERN elements LIST closed_ipc_paths; // PATTERN elements
LIST read_ipc_paths; // PATTERN elements
ULONG ipc_trace; ULONG ipc_trace;
BOOLEAN disable_object_flt; BOOLEAN disable_object_flt;
BOOLEAN ipc_warn_startrun; BOOLEAN ipc_warn_startrun;
@ -371,10 +371,10 @@ void Process_GetProcessName(
// Check if open_path contains setting "$:ProcessName.exe" // Check if open_path contains setting "$:ProcessName.exe"
// where ProcessName matches the specified idProcess. // where ProcessName matches the specified idProcess.
// If not contained, returns STATUS_ACCESS_DENIED with *pSetting = NULL // If not contained, returns FALSE with *pSetting = NULL
// If contained, returns STATUS_SUCCESS with *pSetting -> matching setting // If contained, returns TRUE with *pSetting -> matching setting
NTSTATUS Process_CheckProcessName( BOOLEAN Process_CheckProcessName(
PROCESS *proc, LIST *open_paths, ULONG_PTR idProcess, PROCESS *proc, LIST *open_paths, ULONG_PTR idProcess,
const WCHAR **pSetting); const WCHAR **pSetting);

3
Sandboxie/core/drv/process_api.c
View File

@ -785,6 +785,9 @@ _FX NTSTATUS Process_Api_QueryPathList(PROCESS *proc, ULONG64 *parms)
} else if (args->path_code.val == 'ic') { } else if (args->path_code.val == 'ic') {
list = &proc->closed_ipc_paths; list = &proc->closed_ipc_paths;
lock = proc->ipc_lock; lock = proc->ipc_lock;
} else if (args->path_code.val == 'ir') {
list = &proc->read_ipc_paths;
lock = proc->ipc_lock;
} else if (args->path_code.val == 'wo') { } else if (args->path_code.val == 'wo') {
list = &proc->open_win_classes; list = &proc->open_win_classes;

12
Sandboxie/core/drv/process_util.c
View File

@ -1173,23 +1173,23 @@ _FX void Process_GetProcessName(
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
_FX NTSTATUS Process_CheckProcessName( _FX BOOLEAN Process_CheckProcessName(
PROCESS *proc, LIST *open_paths, ULONG_PTR idProcess, PROCESS *proc, LIST *open_paths, ULONG_PTR idProcess,
const WCHAR **pSetting) const WCHAR **pSetting)
{ {
NTSTATUS status; BOOLEAN result;
PATTERN *pat; PATTERN *pat;
void *nbuf; void *nbuf;
ULONG nlen; ULONG nlen;
WCHAR *nptr; WCHAR *nptr;
status = STATUS_ACCESS_DENIED; result = FALSE;
if (pSetting) if (pSetting)
*pSetting = NULL; *pSetting = NULL;
if (! idProcess) if (! idProcess)
return status; return result;
nbuf = NULL; nbuf = NULL;
nlen = 0; nlen = 0;
@ -1213,7 +1213,7 @@ _FX NTSTATUS Process_CheckProcessName(
break; break;
} }
if (_wcsicmp(nptr, src + 2) == 0) { if (_wcsicmp(nptr, src + 2) == 0) {
status = STATUS_SUCCESS; result = TRUE;
if (pSetting) if (pSetting)
*pSetting = src; *pSetting = src;
break; break;
@ -1224,7 +1224,7 @@ _FX NTSTATUS Process_CheckProcessName(
if (nbuf) if (nbuf)
Mem_Free(nbuf, nlen); Mem_Free(nbuf, nlen);
return status; return result;
} }

88
Sandboxie/core/drv/thread.c
View File

@ -25,6 +25,7 @@
#include "process.h" #include "process.h"
#include "syscall.h" #include "syscall.h"
#include "token.h" #include "token.h"
#include "obj.h"
#include "session.h" #include "session.h"
#include "api.h" #include "api.h"
@ -147,6 +148,7 @@ _FX BOOLEAN Thread_Init(void)
"ImpersonateAnonymousToken", Thread_ImpersonateAnonymousToken)) "ImpersonateAnonymousToken", Thread_ImpersonateAnonymousToken))
return FALSE; return FALSE;
// //
// set object open handlers // set object open handlers
// //
@ -168,6 +170,7 @@ _FX BOOLEAN Thread_Init(void)
return FALSE; return FALSE;
} }
// //
// set API handlers // set API handlers
// //
@ -947,10 +950,9 @@ _FX NTSTATUS Thread_CheckProcessObject(
PROCESS *proc, void *Object, UNICODE_STRING *Name, PROCESS *proc, void *Object, UNICODE_STRING *Name,
ACCESS_MASK GrantedAccess) ACCESS_MASK GrantedAccess)
{ {
if (Obj_CallbackInstalled) return STATUS_SUCCESS; // ObCallbacks takes care of that already
PEPROCESS ProcessObject = (PEPROCESS)Object; PEPROCESS ProcessObject = (PEPROCESS)Object;
ACCESS_MASK WriteAccess = (GrantedAccess & PROCESS_DENIED_ACCESS_MASK); return Thread_CheckObject_Common(proc, ProcessObject, GrantedAccess, TRUE);
return Thread_CheckObject_Common(
proc, ProcessObject, GrantedAccess, WriteAccess, L'P');
} }
@ -963,10 +965,9 @@ _FX NTSTATUS Thread_CheckThreadObject(
PROCESS *proc, void *Object, UNICODE_STRING *Name, PROCESS *proc, void *Object, UNICODE_STRING *Name,
ACCESS_MASK GrantedAccess) ACCESS_MASK GrantedAccess)
{ {
if (Obj_CallbackInstalled) return STATUS_SUCCESS; // ObCallbacks takes care of that already
PEPROCESS ProcessObject = PsGetThreadProcess(Object); PEPROCESS ProcessObject = PsGetThreadProcess(Object);
ACCESS_MASK WriteAccess = (GrantedAccess & THREAD_DENIED_ACCESS_MASK); return Thread_CheckObject_Common(proc, ProcessObject, GrantedAccess, FALSE);
return Thread_CheckObject_Common(
proc, ProcessObject, GrantedAccess, WriteAccess, L'T');
} }
@ -977,11 +978,34 @@ _FX NTSTATUS Thread_CheckThreadObject(
_FX NTSTATUS Thread_CheckObject_Common( _FX NTSTATUS Thread_CheckObject_Common(
PROCESS *proc, PEPROCESS ProcessObject, PROCESS *proc, PEPROCESS ProcessObject,
ACCESS_MASK GrantedAccess, ACCESS_MASK WriteAccess, WCHAR Letter1) ACCESS_MASK GrantedAccess, BOOLEAN EntireProcess)
{ {
ULONG_PTR pid; ULONG_PTR pid;
const WCHAR *pSetting; const WCHAR *pSetting;
NTSTATUS status; NTSTATUS status;
WCHAR Letter1;
ACCESS_MASK WriteAccess;
ACCESS_MASK ReadAccess;
if (EntireProcess) {
Letter1 = L'P';
WriteAccess = (GrantedAccess & PROCESS_DENIED_ACCESS_MASK);
ReadAccess = (GrantedAccess & PROCESS_VM_READ);
//
// PROCESS_QUERY_INFORMATION allows to steal an attached debug object
// using object filtering mitigates this issue
// but when its not active we should block that access
//
if(!Obj_CallbackInstalled)
ReadAccess |= (GrantedAccess & PROCESS_QUERY_INFORMATION);
}
else {
Letter1 = L'T';
WriteAccess = (GrantedAccess & THREAD_DENIED_ACCESS_MASK);
ReadAccess = 0;
}
// //
// if an error occured and can't find pid, then don't allow // if an error occured and can't find pid, then don't allow
@ -992,24 +1016,14 @@ _FX NTSTATUS Thread_CheckObject_Common(
if (! pid) if (! pid)
return STATUS_ACCESS_DENIED; return STATUS_ACCESS_DENIED;
//
// for read-only access to the target process, we don't care
// if/which boxes are involved
//
if (pid && (WriteAccess == 0) && !proc->hide_other_boxes) {
status = STATUS_SUCCESS; status = STATUS_SUCCESS;
goto trace;
}
// //
// otherwise this is write access, confirm if same box // allow access if it's within the same box
// //
if (Process_IsSameBox(proc, NULL, pid)) { if (Process_IsSameBox(proc, NULL, pid))
status = STATUS_SUCCESS; goto finish;
goto trace;
}
// //
// also permit if process is exiting, because it is possible that // also permit if process is exiting, because it is possible that
@ -1018,18 +1032,34 @@ _FX NTSTATUS Thread_CheckObject_Common(
// (e.g. VS2012 MSBuild.exe does this with the csc.exe compiler) // (e.g. VS2012 MSBuild.exe does this with the csc.exe compiler)
// //
if (PsGetProcessExitProcessCalled(ProcessObject)) { if (PsGetProcessExitProcessCalled(ProcessObject))
status = STATUS_SUCCESS; goto finish;
goto trace;
}
// //
// write access outside box, check if we have the following setting // access outside box, check if we have the following setting
// OpenIpcPath=$:ProcessName.exe // OpenIpcPath=$:ProcessName.exe
// //
status = Process_CheckProcessName( if (Process_CheckProcessName(proc, &proc->closed_ipc_paths, pid, &pSetting)) {
proc, &proc->open_ipc_paths, pid, &pSetting);
status = STATUS_ACCESS_DENIED;
} else if (WriteAccess != 0 || ReadAccess != 0) {
if (!Process_CheckProcessName(proc, &proc->open_ipc_paths, pid, &pSetting)) {
if (WriteAccess != 0) {
status = STATUS_ACCESS_DENIED;
} else if (!Process_CheckProcessName(proc, &proc->read_ipc_paths, pid, &pSetting)) {
status = STATUS_ACCESS_DENIED;
}
}
}
// //
// log the cross-sandbox access attempt, based on the status code // log the cross-sandbox access attempt, based on the status code
@ -1059,12 +1089,12 @@ _FX NTSTATUS Thread_CheckObject_Common(
} }
} }
finish:
// //
// trace // trace
// //
trace:
if (proc->ipc_trace & (TRACE_ALLOW | TRACE_DENY)) { if (proc->ipc_trace & (TRACE_ALLOW | TRACE_DENY)) {
WCHAR str[32]; WCHAR str[32];

2
Sandboxie/core/drv/thread.h
View File

@ -96,7 +96,7 @@ THREAD *Thread_GetByThreadId(PROCESS *proc, HANDLE tid);
NTSTATUS Thread_CheckObject_Common( NTSTATUS Thread_CheckObject_Common(
PROCESS *proc, PEPROCESS ProcessObject, PROCESS *proc, PEPROCESS ProcessObject,
ACCESS_MASK GrantedAccess, ACCESS_MASK WriteAccess, WCHAR Letter1); ACCESS_MASK GrantedAccess, BOOLEAN EntireProcess);
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------

53
Sandboxie/install/Templates.ini
View File

@ -1524,7 +1524,7 @@ OpenWinClass=TENTrayMainWindow
OpenWinClass=ENMainFrame OpenWinClass=ENMainFrame
OpenWinClass=ENMainFrame3 OpenWinClass=ENMainFrame3
OpenWinClass=HwndWrapper[Evernote.exe;* OpenWinClass=HwndWrapper[Evernote.exe;*
OpenWinClass=$:EvernoteClipper.exe OpenWinClass=$:EvernoteClipper.exe/IgnoreUIPI
LingerProcess=EvernoteClipper.exe LingerProcess=EvernoteClipper.exe
[Template_MetaProducts_Inquiry] [Template_MetaProducts_Inquiry]
@ -1574,7 +1574,7 @@ Tmpl.Url=http://www.kinook.com/UltraRecall/
Tmpl.Scan=s Tmpl.Scan=s
Tmpl.ScanProduct=Ultra Recall_is1 Tmpl.ScanProduct=Ultra Recall_is1
OpenWinClass=Afx:00400000:0 OpenWinClass=Afx:00400000:0
OpenWinClass=$:UltraRecall.exe OpenWinClass=$:UltraRecall.exe/IgnoreUIPI
OpenIpcPath=*\BaseNamedObjects*\UltraRecall OpenIpcPath=*\BaseNamedObjects*\UltraRecall
# #
@ -1750,7 +1750,7 @@ Tmpl.Class=Security
Tmpl.Url=http://www.covenanteyes.com/ Tmpl.Url=http://www.covenanteyes.com/
Tmpl.Scan=i Tmpl.Scan=i
OpenIpcPath=*\BaseNamedObjects*\CE_*Obj OpenIpcPath=*\BaseNamedObjects*\CE_*Obj
OpenWinClass=$:nmSvc.exe OpenWinClass=$:nmSvc.exe/IgnoreUIPI
[Template_ComodoInternetSecurity] [Template_ComodoInternetSecurity]
Tmpl.Title=Comodo Internet Security / Antivirus / Firewall Tmpl.Title=Comodo Internet Security / Antivirus / Firewall
@ -1939,7 +1939,7 @@ Tmpl.Url=http://technet.microsoft.com/en-us/security/jj653751
Tmpl.Scan=s Tmpl.Scan=s
Tmpl.ScanKey=\REGISTRY\MACHINE\SOFTWARE\Microsoft\EMET Tmpl.ScanKey=\REGISTRY\MACHINE\SOFTWARE\Microsoft\EMET
OpenIpcPath=*\BaseNamedObjects*\emet_pid_* OpenIpcPath=*\BaseNamedObjects*\emet_pid_*
OpenWinClass=$:EMET_notifier.exe OpenWinClass=$:EMET_notifier.exe/IgnoreUIPI
# EMET 4 # EMET 4
OpenPipePath=\Device\Mailslot\EMET_Agent_* OpenPipePath=\Device\Mailslot\EMET_Agent_*
OpenPipePath=\Device\Mailslot\EMET_Recipient_* OpenPipePath=\Device\Mailslot\EMET_Recipient_*
@ -2046,7 +2046,7 @@ Tmpl.Url=http://windows.microsoft.com/en-US/windows/products/security-essentials
Tmpl.Scan=s Tmpl.Scan=s
Tmpl.ScanService=MsMpSvc Tmpl.ScanService=MsMpSvc
OpenWinClass=msseces_class OpenWinClass=msseces_class
OpenWinClass=$:msseces.exe OpenWinClass=$:msseces.exe/IgnoreUIPI
IContextMenuClsid={09A47860-11B0-4DA5-AFA5-26D86198A780} IContextMenuClsid={09A47860-11B0-4DA5-AFA5-26D86198A780}
[Template_Mirekusoft_Install_Monitor] [Template_Mirekusoft_Install_Monitor]
@ -2244,7 +2244,7 @@ Tmpl.Class=Security
Tmpl.Url=http://www.proxifier.com/ Tmpl.Url=http://www.proxifier.com/
Tmpl.Scan=w Tmpl.Scan=w
OpenWinClass=Proxifier32Cls OpenWinClass=Proxifier32Cls
OpenWinClass=$:proxifier.exe OpenWinClass=$:proxifier.exe/IgnoreUIPI
OpenIpcPath=*\BaseNamedObjects*\Proxifier* OpenIpcPath=*\BaseNamedObjects*\Proxifier*
OpenPipePath=\Device\NamedPipe\proxifier OpenPipePath=\Device\NamedPipe\proxifier
@ -2411,7 +2411,7 @@ Tmpl.Class=Desktop
Tmpl.Url=http://support.asus.com/Download.aspx?SLanguage=en&m=Eee+PC+1015PX&p=20&s=1 Tmpl.Url=http://support.asus.com/Download.aspx?SLanguage=en&m=Eee+PC+1015PX&p=20&s=1
Tmpl.Scan=s Tmpl.Scan=s
Tmpl.ScanProduct={4B5092B6-F231-4D18-83BC-2618B729CA45} Tmpl.ScanProduct={4B5092B6-F231-4D18-83BC-2618B729CA45}
OpenWinClass=$:CapsHook.exe OpenWinClass=$:CapsHook.exe/IgnoreUIPI
[Template_AcerGridVista] [Template_AcerGridVista]
Tmpl.Title=Acer GridVista Tmpl.Title=Acer GridVista
@ -2535,7 +2535,7 @@ Tmpl.Class=Desktop
Tmpl.Url=http://www.cottonwoodsw.com/fx3summ.html Tmpl.Url=http://www.cottonwoodsw.com/fx3summ.html
Tmpl.Scan=s Tmpl.Scan=s
Tmpl.ScanProduct=File-Ex v3.* Tmpl.ScanProduct=File-Ex v3.*
OpenWinClass=$:FileEx.exe OpenWinClass=$:FileEx.exe/IgnoreUIPI
[Template_GoogleToolbarIE] [Template_GoogleToolbarIE]
Tmpl.Title=Google Toolbar for Internet Explorer Tmpl.Title=Google Toolbar for Internet Explorer
@ -2546,7 +2546,7 @@ OpenIpcPath=*\BaseNamedObjects*\{B7F1F778-8315-4EB2-AC1E-5AFCAA603271}
OpenIpcPath=*\BaseNamedObjects*\{DEBFCCE1-B446-4992-9C9E-CA1CB548C718} OpenIpcPath=*\BaseNamedObjects*\{DEBFCCE1-B446-4992-9C9E-CA1CB548C718}
OpenIpcPath=*\BaseNamedObjects*\*{E709AE98-F4E6-40DE-BE47-CFBA9B4605C0} OpenIpcPath=*\BaseNamedObjects*\*{E709AE98-F4E6-40DE-BE47-CFBA9B4605C0}
OpenWinClass={A7E495BF-9589-4A6E-8479-DDA2D8D3C05F} OpenWinClass={A7E495BF-9589-4A6E-8479-DDA2D8D3C05F}
OpenWinClass=$:GoogleToolbarNotifier.exe OpenWinClass=$:GoogleToolbarNotifier.exe/IgnoreUIPI
OpenClsid={FBA44040-BD27-4A09-ACC8-C08B7C723DCD} OpenClsid={FBA44040-BD27-4A09-ACC8-C08B7C723DCD}
LingerProcess=GoogleToolbarUser.exe LingerProcess=GoogleToolbarUser.exe
LingerProcess=GoogleToolbarUser_32.exe LingerProcess=GoogleToolbarUser_32.exe
@ -2608,7 +2608,7 @@ Tmpl.Class=Desktop
Tmpl.Url=http://www.intelife.net/ninja/ Tmpl.Url=http://www.intelife.net/ninja/
Tmpl.Scan=i Tmpl.Scan=i
OpenIpcPath=*\BaseNamedObjects*\KEYBOARD_NINJA_2 OpenIpcPath=*\BaseNamedObjects*\KEYBOARD_NINJA_2
OpenWinClass=$:ninja.exe OpenWinClass=$:ninja.exe/IgnoreUIPI
[Template_Lingoes] [Template_Lingoes]
Tmpl.Title=Lingoes Translator Tmpl.Title=Lingoes Translator
@ -2618,7 +2618,7 @@ Tmpl.Scan=i
OpenIpcPath=*\BaseNamedObjects*\OpenText_ZWFilter_GlobaData* OpenIpcPath=*\BaseNamedObjects*\OpenText_ZWFilter_GlobaData*
OpenIpcPath=*\BaseNamedObjects*\OpenText_GrabText_GlobaData* OpenIpcPath=*\BaseNamedObjects*\OpenText_GrabText_GlobaData*
OpenIpcPath=*\BaseNamedObjects*\OpenText_GrabText_Mutex* OpenIpcPath=*\BaseNamedObjects*\OpenText_GrabText_Mutex*
OpenWinClass=$:lingoes.exe OpenWinClass=$:lingoes.exe/IgnoreUIPI
[Template_Linkman] [Template_Linkman]
Tmpl.Title=Linkman Tmpl.Title=Linkman
@ -2637,19 +2637,20 @@ Tmpl.Url=http://www.xrayz.co.uk/
Tmpl.Scan=w Tmpl.Scan=w
OpenWinClass=LinkStash OpenWinClass=LinkStash
OpenWinClass=LinkStashMonitor OpenWinClass=LinkStashMonitor
OpenWinClass=$:lnkstash.exe OpenWinClass=$:lnkstash.exe/IgnoreUIPI
[Template_Listary] [Template_Listary]
Tmpl.Title=Listary Tmpl.Title=Listary
Tmpl.Class=Desktop Tmpl.Class=Desktop
Tmpl.Url=http://www.listary.com/ Tmpl.Url=https://www.listary.com/
Tmpl.Scan=s Tmpl.Scan=s
Tmpl.ScanProduct=Listary_is1 Tmpl.ScanProduct=Listary_is1
OpenIpcPath=*\BaseNamedObjects*\ListarySharedData
OpenWinClass=ListaryToolbarCls OpenWinClass=ListaryToolbarCls
OpenWinClass=$:listary.exe OpenWinClass=$:listary.exe/IgnoreUIPI
# v4 # v5
OpenIpcPath=*\BaseNamedObjects*\Listary_MainSharedMemory OpenIpcPath=*\BaseNamedObjects*\Listary_MainSharedMemory
# v6
OpenIpcPath=*\BaseNamedObjects*\ListaryX_MainSharedMemory
[Template_Logitech_G15_Keyboard] [Template_Logitech_G15_Keyboard]
Tmpl.Title=Logitech Keyboard LCD Display Tmpl.Title=Logitech Keyboard LCD Display
@ -2880,13 +2881,13 @@ Tmpl.Class=Desktop
Tmpl.Url=http://www.sumitsoft.com/ Tmpl.Url=http://www.sumitsoft.com/
Tmpl.Scan=i Tmpl.Scan=i
OpenIpcPath=*\BaseNamedObjects*\Typing Assistant (*) OpenIpcPath=*\BaseNamedObjects*\Typing Assistant (*)
OpenWinClass=$:Typing Assistant (English).exe OpenWinClass=$:Typing Assistant (English).exe/IgnoreUIPI
OpenWinClass=$:Typing Assistant (French).exe OpenWinClass=$:Typing Assistant (French).exe/IgnoreUIPI
OpenWinClass=$:Typing Assistant (German).exe OpenWinClass=$:Typing Assistant (German).exe/IgnoreUIPI
OpenWinClass=$:Typing Assistant (Hungarian).exe OpenWinClass=$:Typing Assistant (Hungarian).exe/IgnoreUIPI
OpenWinClass=$:Typing Assistant (Italian).exe OpenWinClass=$:Typing Assistant (Italian).exe/IgnoreUIPI
OpenWinClass=$:Typing Assistant (Portuguese).exe OpenWinClass=$:Typing Assistant (Portuguese).exe/IgnoreUIPI
OpenWinClass=$:Typing Assistant (Spanish).exe OpenWinClass=$:Typing Assistant (Spanish).exe/IgnoreUIPI
[Template_TwoPilots_SpeedTyping] [Template_TwoPilots_SpeedTyping]
Tmpl.Title=Two Pilots Speed Typing Tmpl.Title=Two Pilots Speed Typing
@ -3154,6 +3155,12 @@ OpenClsid={AC746233-E9D3-49CD-862F-068F7B7CCCA4}
# prevent access to host port # prevent access to host port
# BlockPort=1001 # BlockPort=1001
[Template_FreeDownloadManager]
Tmpl.Title=Free Download Manager
Tmpl.Class=Download
Tmpl.Url=http://www.freedownloadmanager.org/
RpcMgmtSetComTimeout=fdm.exe,y
[Template_SothinkWebVideoDownloader] [Template_SothinkWebVideoDownloader]
Tmpl.Title=Sothink Web Video Downloader Stand-alone Tmpl.Title=Sothink Web Video Downloader Stand-alone
Tmpl.Class=Download Tmpl.Class=Download

397
SandboxiePlus/SandMan/Forms/SettingsWindow.ui
View File

@ -7,7 +7,7 @@
<x>0</x> <x>0</x>
<y>0</y> <y>0</y>
<width>634</width> <width>634</width>
<height>440</height> <height>451</height>
</rect> </rect>
</property> </property>
<property name="sizePolicy"> <property name="sizePolicy">
@ -54,108 +54,7 @@
<layout class="QGridLayout" name="gridLayout_9"> <layout class="QGridLayout" name="gridLayout_9">
<item row="0" column="0"> <item row="0" column="0">
<layout class="QGridLayout" name="gridLayout_8"> <layout class="QGridLayout" name="gridLayout_8">
<item row="8" column="0"> <item row="9" column="2">
<widget class="QLabel" name="label_5">
<property name="font">
<font>
<weight>75</weight>
<bold>true</bold>
<kerning>true</kerning>
</font>
</property>
<property name="text">
<string>Systray options</string>
</property>
</widget>
</item>
<item row="7" column="1" colspan="2">
<widget class="QCheckBox" name="chkWatchConfig">
<property name="text">
<string>Watch Sandboxie.ini for changes</string>
</property>
</widget>
</item>
<item row="1" column="1" colspan="2">
<widget class="QCheckBox" name="chkDarkTheme">
<property name="text">
<string>Use Dark Theme (fully applied after a restart)</string>
</property>
<property name="tristate">
<bool>true</bool>
</property>
</widget>
</item>
<item row="4" column="1" colspan="2">
<widget class="QCheckBox" name="chkShowRecovery">
<property name="text">
<string>Show first recovery window when emptying sandboxes</string>
</property>
</widget>
</item>
<item row="6" column="1" colspan="3">
<layout class="QHBoxLayout" name="horizontalLayout_3">
<item>
<widget class="QCheckBox" name="chkPanic">
<property name="text">
<string>Hotkey for terminating all boxed processes:</string>
</property>
</widget>
</item>
<item>
<widget class="QKeySequenceEdit" name="keyPanic"/>
</item>
</layout>
</item>
<item row="12" column="1">
<spacer name="verticalSpacer_4">
<property name="orientation">
<enum>Qt::Vertical</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>20</width>
<height>40</height>
</size>
</property>
</spacer>
</item>
<item row="9" column="1">
<widget class="QComboBox" name="cmbSysTray"/>
</item>
<item row="11" column="1">
<widget class="QComboBox" name="cmbOnClose"/>
</item>
<item row="0" column="0">
<widget class="QLabel" name="label_19">
<property name="text">
<string>UI Language:</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
</widget>
</item>
<item row="3" column="1" colspan="2">
<widget class="QCheckBox" name="chkSandboxUrls">
<property name="text">
<string>Open urls from this ui sandboxed</string>
</property>
<property name="tristate">
<bool>true</bool>
</property>
</widget>
</item>
<item row="2" column="1" colspan="2">
<widget class="QCheckBox" name="chkNotifications">
<property name="text">
<string>Show Notifications for relevant log Messages</string>
</property>
<property name="checked">
<bool>false</bool>
</property>
</widget>
</item>
<item row="12" column="2">
<spacer name="horizontalSpacer_8"> <spacer name="horizontalSpacer_8">
<property name="orientation"> <property name="orientation">
<enum>Qt::Horizontal</enum> <enum>Qt::Horizontal</enum>
@ -168,26 +67,10 @@
</property> </property>
</spacer> </spacer>
</item> </item>
<item row="11" column="0"> <item row="8" column="1" colspan="2">
<widget class="QLabel" name="label_18"> <widget class="QCheckBox" name="chkWatchConfig">
<property name="text"> <property name="text">
<string>On main window close:</string> <string>Watch Sandboxie.ini for changes</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
</widget>
</item>
<item row="9" column="0">
<widget class="QLabel" name="label_20">
<property name="text">
<string>Show Icon in Systray:</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
<property name="openExternalLinks">
<bool>true</bool>
</property> </property>
</widget> </widget>
</item> </item>
@ -198,6 +81,46 @@
</property> </property>
</widget> </widget>
</item> </item>
<item row="0" column="0">
<widget class="QLabel" name="label_19">
<property name="text">
<string>UI Language:</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
</widget>
</item>
<item row="9" column="1">
<spacer name="verticalSpacer_4">
<property name="orientation">
<enum>Qt::Vertical</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>20</width>
<height>40</height>
</size>
</property>
</spacer>
</item>
<item row="4" column="1" colspan="2">
<widget class="QCheckBox" name="chkShowRecovery">
<property name="text">
<string>Show first recovery window when emptying sandboxes</string>
</property>
</widget>
</item>
<item row="1" column="1" colspan="2">
<widget class="QCheckBox" name="chkDarkTheme">
<property name="text">
<string>Use Dark Theme (fully applied after a restart)</string>
</property>
<property name="tristate">
<bool>true</bool>
</property>
</widget>
</item>
<item row="0" column="2"> <item row="0" column="2">
<widget class="QLabel" name="label"> <widget class="QLabel" name="label">
<property name="text"> <property name="text">
@ -211,21 +134,46 @@
<item row="0" column="1"> <item row="0" column="1">
<widget class="QComboBox" name="uiLang"/> <widget class="QComboBox" name="uiLang"/>
</item> </item>
<item row="10" column="0"> <item row="2" column="1" colspan="2">
<widget class="QLabel" name="label_21"> <widget class="QCheckBox" name="chkNotifications">
<property name="text"> <property name="text">
<string>Show boxes in tray list:</string> <string>Show Notifications for relevant log Messages</string>
</property> </property>
<property name="alignment"> <property name="checked">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set> <bool>false</bool>
</property> </property>
<property name="openExternalLinks"> </widget>
</item>
<item row="3" column="1" colspan="2">
<widget class="QCheckBox" name="chkSandboxUrls">
<property name="text">
<string>Open urls from this ui sandboxed</string>
</property>
<property name="tristate">
<bool>true</bool> <bool>true</bool>
</property> </property>
</widget> </widget>
</item> </item>
<item row="10" column="1"> <item row="6" column="1" colspan="2">
<widget class="QComboBox" name="cmbTrayBoxes"/> <widget class="QCheckBox" name="chkAsyncBoxOps">
<property name="text">
<string>Run box operations asynchronously whenever possible (like content deletion)</string>
</property>
</widget>
</item>
<item row="7" column="1" colspan="3">
<layout class="QHBoxLayout" name="horizontalLayout_3">
<item>
<widget class="QCheckBox" name="chkPanic">
<property name="text">
<string>Hotkey for terminating all boxed processes:</string>
</property>
</widget>
</item>
<item>
<widget class="QKeySequenceEdit" name="keyPanic"/>
</item>
</layout>
</item> </item>
</layout> </layout>
</item> </item>
@ -238,6 +186,69 @@
<layout class="QGridLayout" name="gridLayout_14"> <layout class="QGridLayout" name="gridLayout_14">
<item row="0" column="0"> <item row="0" column="0">
<layout class="QGridLayout" name="gridLayout_13"> <layout class="QGridLayout" name="gridLayout_13">
<item row="4" column="1" colspan="3">
<widget class="QCheckBox" name="chkShellMenu">
<property name="text">
<string>Add 'Run Sandboxed' to the explorer context menu</string>
</property>
</widget>
</item>
<item row="3" column="3">
<spacer name="horizontalSpacer_6">
<property name="orientation">
<enum>Qt::Horizontal</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>40</width>
<height>20</height>
</size>
</property>
</spacer>
</item>
<item row="12" column="1">
<spacer name="verticalSpacer_6">
<property name="orientation">
<enum>Qt::Vertical</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>20</width>
<height>40</height>
</size>
</property>
</spacer>
</item>
<item row="11" column="0">
<widget class="QLabel" name="label_18">
<property name="text">
<string>On main window close:</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
</widget>
</item>
<item row="2" column="1" colspan="3">
<widget class="QCheckBox" name="chkSvcStart">
<property name="text">
<string>Start UI when a sandboxed process is started</string>
</property>
</widget>
</item>
<item row="9" column="0">
<widget class="QLabel" name="label_21">
<property name="text">
<string>Show boxes in tray list:</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
<property name="openExternalLinks">
<bool>true</bool>
</property>
</widget>
</item>
<item row="3" column="0"> <item row="3" column="0">
<widget class="QLabel" name="label_8"> <widget class="QLabel" name="label_8">
<property name="font"> <property name="font">
@ -252,6 +263,20 @@
</property> </property>
</widget> </widget>
</item> </item>
<item row="5" column="2" colspan="3">
<widget class="QCheckBox" name="chkAlwaysDefault">
<property name="text">
<string>Always use DefaultBox</string>
</property>
</widget>
</item>
<item row="6" column="2" colspan="3">
<widget class="QCheckBox" name="chkShellMenu2">
<property name="text">
<string>Add 'Run Un-Sandboxed' to the context menu</string>
</property>
</widget>
</item>
<item row="0" column="0"> <item row="0" column="0">
<widget class="QLabel" name="label_6"> <widget class="QLabel" name="label_6">
<property name="font"> <property name="font">
@ -266,55 +291,7 @@
</property> </property>
</widget> </widget>
</item> </item>
<item row="1" column="1" colspan="2"> <item row="12" column="3" colspan="2">
<widget class="QCheckBox" name="chkAutoStart">
<property name="text">
<string>Start UI with Windows</string>
</property>
</widget>
</item>
<item row="4" column="1" colspan="2">
<widget class="QCheckBox" name="chkShellMenu">
<property name="text">
<string>Add 'Run Sandboxed' to the explorer context menu</string>
</property>
</widget>
</item>
<item row="3" column="2">
<spacer name="horizontalSpacer_6">
<property name="orientation">
<enum>Qt::Horizontal</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>40</width>
<height>20</height>
</size>
</property>
</spacer>
</item>
<item row="2" column="1" colspan="2">
<widget class="QCheckBox" name="chkSvcStart">
<property name="text">
<string>Start UI when a sandboxed process is started</string>
</property>
</widget>
</item>
<item row="6" column="2" colspan="2">
<widget class="QCheckBox" name="chkShellMenu2">
<property name="text">
<string>Add 'Run Un-Sandboxed' to the context menu</string>
</property>
</widget>
</item>
<item row="5" column="2" colspan="2">
<widget class="QCheckBox" name="chkAlwaysDefault">
<property name="text">
<string>Always use DefaultBox</string>
</property>
</widget>
</item>
<item row="7" column="2" colspan="2">
<spacer name="horizontalSpacer_2"> <spacer name="horizontalSpacer_2">
<property name="orientation"> <property name="orientation">
<enum>Qt::Horizontal</enum> <enum>Qt::Horizontal</enum>
@ -327,15 +304,65 @@
</property> </property>
</spacer> </spacer>
</item> </item>
<item row="7" column="1"> <item row="8" column="0">
<spacer name="verticalSpacer_6"> <widget class="QLabel" name="label_20">
<property name="text">
<string>Show Icon in Systray:</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
<property name="openExternalLinks">
<bool>true</bool>
</property>
</widget>
</item>
<item row="1" column="1" colspan="3">
<widget class="QCheckBox" name="chkAutoStart">
<property name="text">
<string>Start UI with Windows</string>
</property>
</widget>
</item>
<item row="10" column="1" colspan="3">
<widget class="QCheckBox" name="chkBoxOpsNotify">
<property name="text">
<string>Show a tray notification when automatic box operations are started</string>
</property>
</widget>
</item>
<item row="7" column="0">
<widget class="QLabel" name="label_5">
<property name="font">
<font>
<weight>75</weight>
<bold>true</bold>
<kerning>true</kerning>
</font>
</property>
<property name="text">
<string>Systray options</string>
</property>
</widget>
</item>
<item row="8" column="1" colspan="2">
<widget class="QComboBox" name="cmbSysTray"/>
</item>
<item row="9" column="1" colspan="2">
<widget class="QComboBox" name="cmbTrayBoxes"/>
</item>
<item row="11" column="1" colspan="2">
<widget class="QComboBox" name="cmbOnClose"/>
</item>
<item row="3" column="2">
<spacer name="horizontalSpacer_9">
<property name="orientation"> <property name="orientation">
<enum>Qt::Vertical</enum> <enum>Qt::Horizontal</enum>
</property> </property>
<property name="sizeHint" stdset="0"> <property name="sizeHint" stdset="0">
<size> <size>
<width>20</width> <width>40</width>
<height>40</height> <height>20</height>
</size> </size>
</property> </property>
</spacer> </spacer>
@ -433,7 +460,7 @@
<item row="7" column="1" colspan="5"> <item row="7" column="1" colspan="5">
<widget class="QCheckBox" name="chkObjCb"> <widget class="QCheckBox" name="chkObjCb">
<property name="text"> <property name="text">
<string>Activate Kernel Mode Object Filtering (experimental)</string> <string>Activate Kernel Mode Object Filtering</string>
</property> </property>
</widget> </widget>
</item> </item>

45
SandboxiePlus/SandMan/SandMan.cpp
View File

@ -900,6 +900,20 @@ void CSandMan::timerEvent(QTimerEvent* pEvent)
} }
} }
bool CSandMan::DoDeleteCmd(const CSandBoxPtr &pBox)
{
foreach(const QString& Value, pBox->GetTextList("OnBoxDelete", true, false, true)) {
QString Value2 = pBox->Expand(Value);
CSbieProgressPtr pProgress = CSbieUtils::RunCommand(Value2, true);
if (!pProgress.isNull()) {
AddAsyncOp(pProgress, true, tr("Executing OnBoxDelete: %1").arg(Value2));
if (pProgress->IsCanceled())
return false;
}
}
return true;
}
void CSandMan::OnBoxClosed(const QString& BoxName) void CSandMan::OnBoxClosed(const QString& BoxName)
{ {
CSandBoxPtr pBox = theAPI->GetBoxByName(BoxName); CSandBoxPtr pBox = theAPI->GetBoxByName(BoxName);
@ -913,10 +927,33 @@ void CSandMan::OnBoxClosed(const QString& BoxName)
if(!theGUI->OpenRecovery(pBox, DeleteShapshots, true)) // unless no files are found than continue silently if(!theGUI->OpenRecovery(pBox, DeleteShapshots, true)) // unless no files are found than continue silently
return; return;
if(theConf->GetBool("Options/AutoBoxOpsNotify", false))
OnLogMessage(tr("Auto deleting content of %1").arg(BoxName), true);
if (theConf->GetBool("Options/UseAsyncBoxOps", false))
{
auto pBoxEx = pBox.objectCast<CSandBoxPlus>(); auto pBoxEx = pBox.objectCast<CSandBoxPlus>();
SB_STATUS Status = pBoxEx->DeleteContentAsync(DeleteShapshots); SB_STATUS Status = pBoxEx->DeleteContentAsync(DeleteShapshots);
CheckResults(QList<SB_STATUS>() << Status); CheckResults(QList<SB_STATUS>() << Status);
} }
else
{
if (!DoDeleteCmd(pBox))
return;
SB_PROGRESS Status;
if (!DeleteShapshots && pBox->HasSnapshots()) { // in auto delete mdoe always return to last snapshot
QString Current;
pBox->GetDefaultSnapshot(&Current);
Status = pBox->SelectSnapshot(Current);
}
else // if there are no snapshots just use the normal cleaning procedure
Status = pBox->CleanBox();
if (Status.GetStatus() == OP_ASYNC)
AddAsyncOp(Status.GetValue(), true, tr("Auto Deleting %1 content").arg(BoxName));
}
}
} }
void CSandMan::OnSelectionChanged() void CSandMan::OnSelectionChanged()
@ -1156,7 +1193,7 @@ void CSandMan::OnLogSbieMessage(quint32 MsgCode, const QStringList& MsgData, qui
Message = tr("The box %1 is configured to use features exclusively available to project supporters, these presets will be ignored.").arg(MsgData[1]); Message = tr("The box %1 is configured to use features exclusively available to project supporters, these presets will be ignored.").arg(MsgData[1]);
Message.append(tr("<br /><a href=\"https://sandboxie-plus.com/go.php?to=sbie-get-cert\">Become a project supporter</a>, and receive a <a href=\"https://sandboxie-plus.com/go.php?to=sbie-cert\">supporter certificate</a>")); Message.append(tr("<br /><a href=\"https://sandboxie-plus.com/go.php?to=sbie-get-cert\">Become a project supporter</a>, and receive a <a href=\"https://sandboxie-plus.com/go.php?to=sbie-cert\">supporter certificate</a>"));
QMessageBox msgBox; QMessageBox msgBox(this);
msgBox.setTextFormat(Qt::RichText); msgBox.setTextFormat(Qt::RichText);
msgBox.setIcon(QMessageBox::Critical); msgBox.setIcon(QMessageBox::Critical);
msgBox.setWindowTitle("Sandboxie-Plus"); msgBox.setWindowTitle("Sandboxie-Plus");
@ -1206,7 +1243,7 @@ bool CSandMan::CheckCertificate()
// return false; // return false;
//} //}
QMessageBox msgBox; QMessageBox msgBox(this);
msgBox.setTextFormat(Qt::RichText); msgBox.setTextFormat(Qt::RichText);
msgBox.setIcon(QMessageBox::Information); msgBox.setIcon(QMessageBox::Information);
msgBox.setWindowTitle("Sandboxie-Plus"); msgBox.setWindowTitle("Sandboxie-Plus");
@ -1589,9 +1626,9 @@ void CSandMan::HandleMaintenance(SB_RESULT(void*) Status)
if (dwStatus != 0) if (dwStatus != 0)
{ {
if(m_bStopPending) if(m_bStopPending)
QMessageBox::warning(NULL, tr("Sandboxie-Plus - Error"), tr("Failed to stop all Sandboxie components")); QMessageBox::warning(this, tr("Sandboxie-Plus - Error"), tr("Failed to stop all Sandboxie components"));
else if(m_bConnectPending) else if(m_bConnectPending)
QMessageBox::warning(NULL, tr("Sandboxie-Plus - Error"), tr("Failed to start required Sandboxie components")); QMessageBox::warning(this, tr("Sandboxie-Plus - Error"), tr("Failed to start required Sandboxie components"));
OnLogMessage(tr("Maintenance operation failed (%1)").arg((quint32)dwStatus)); OnLogMessage(tr("Maintenance operation failed (%1)").arg((quint32)dwStatus));
CheckResults(QList<SB_STATUS>() << SB_ERR(dwStatus)); CheckResults(QList<SB_STATUS>() << SB_ERR(dwStatus));

2
SandboxiePlus/SandMan/SandMan.h
View File

@ -38,6 +38,8 @@ public:
SB_PROGRESS RecoverFiles(const QList<QPair<QString, QString>>& FileList, int Action = 0); SB_PROGRESS RecoverFiles(const QList<QPair<QString, QString>>& FileList, int Action = 0);
bool DoDeleteCmd(const CSandBoxPtr &pBox);
bool AddAsyncOp(const CSbieProgressPtr& pProgress, bool bWait = false, const QString& InitialMsg = QString()); bool AddAsyncOp(const CSbieProgressPtr& pProgress, bool bWait = false, const QString& InitialMsg = QString());
static QString FormatError(const SB_STATUS& Error); static QString FormatError(const SB_STATUS& Error);
static void CheckResults(QList<SB_STATUS> Results); static void CheckResults(QList<SB_STATUS> Results);

38
SandboxiePlus/SandMan/Views/SbieView.cpp
View File

@ -872,6 +872,17 @@ void CSbieView::OnSandBoxAction(QAction* Action)
return; return;
} }
if (theConf->GetInt("Options/WarnOpenRegistry", -1) == -1)
{
bool State = false;
if (CCheckableMessageBox::question(this, "Sandboxie-Plus", tr("WARNING: The opened registry editor is not sand boxed, please be careful and only do changes to the pre-selected sandbox locations.")
, tr("Don't show this warning in future"), &State, QDialogButtonBox::Ok | QDialogButtonBox::Cancel, QDialogButtonBox::Yes, QMessageBox::Information) != QDialogButtonBox::Ok)
return;
if (State)
theConf->SetValue("Options/WarnOpenRegistry", 1);
}
wstring path = QCoreApplication::applicationFilePath().toStdWString(); wstring path = QCoreApplication::applicationFilePath().toStdWString();
QStringList RegRoot = SandBoxes.first()->GetRegRoot().split("\\"); QStringList RegRoot = SandBoxes.first()->GetRegRoot().split("\\");
@ -1020,12 +1031,39 @@ void CSbieView::OnSandBoxAction(QAction* Action)
return; return;
foreach(const CSandBoxPtr &pBox, SandBoxes) foreach(const CSandBoxPtr &pBox, SandBoxes)
{
if (theConf->GetBool("Options/UseAsyncBoxOps", false))
{ {
auto pBoxEx = pBox.objectCast<CSandBoxPlus>(); auto pBoxEx = pBox.objectCast<CSandBoxPlus>();
SB_STATUS Status = pBoxEx->DeleteContentAsync(DeleteShapshots); SB_STATUS Status = pBoxEx->DeleteContentAsync(DeleteShapshots);
if (Status.IsError()) if (Status.IsError())
Results.append(Status); Results.append(Status);
} }
else
{
SB_STATUS Status1 = pBox->TerminateAll();
if (Status1.IsError()) {
Results.append(Status1);
continue;
}
if (!theGUI->DoDeleteCmd(pBox))
continue;
SB_PROGRESS Status;
if (!DeleteShapshots && pBox->HasSnapshots()) {
QString Default = pBox->GetDefaultSnapshot();
Status = pBox->SelectSnapshot(Default);
}
else // if there are no snapshots jut use the normal cleaning procedure
Status = pBox->CleanBox();
if (Status.GetStatus() == OP_ASYNC)
theGUI->AddAsyncOp(Status.GetValue());
else if (Status.IsError())
Results.append(Status);
}
}
} }
else if (Action == m_pMenuEmptyBox) else if (Action == m_pMenuEmptyBox)
{ {

18
SandboxiePlus/SandMan/Windows/OptionsAccess.cpp
View File

@ -195,18 +195,19 @@ void COptionsWindow::ParseAndAddAccessEntry(EAccessEntry EntryType, const QStrin
case eOpenPipePath: Type = eFile; Mode = eOpen4All; break; case eOpenPipePath: Type = eFile; Mode = eOpen4All; break;
case eClosedFilePath: Type = eFile; Mode = eClosed; break; case eClosedFilePath: Type = eFile; Mode = eClosed; break;
case eReadFilePath: Type = eFile; Mode = eReadOnly; break; case eReadFilePath: Type = eFile; Mode = eReadOnly; break;
case eWriteFilePath: Type = eFile; Mode = eWriteOnly; break; case eWriteFilePath: Type = eFile; Mode = eBoxOnly; break;
case eNormalKeyPath: Type = eKey; Mode = eNormal; break; case eNormalKeyPath: Type = eKey; Mode = eNormal; break;
case eOpenKeyPath: Type = eKey; Mode = eOpen; break; case eOpenKeyPath: Type = eKey; Mode = eOpen; break;
case eOpenConfPath: Type = eKey; Mode = eOpen4All;break; case eOpenConfPath: Type = eKey; Mode = eOpen4All;break;
case eClosedKeyPath: Type = eKey; Mode = eClosed; break; case eClosedKeyPath: Type = eKey; Mode = eClosed; break;
case eReadKeyPath: Type = eKey; Mode = eReadOnly; break; case eReadKeyPath: Type = eKey; Mode = eReadOnly; break;
case eWriteKeyPath: Type = eKey; Mode = eWriteOnly; break; case eWriteKeyPath: Type = eKey; Mode = eBoxOnly; break;
case eNormalIpcPath: Type = eIPC; Mode = eNormal; break; case eNormalIpcPath: Type = eIPC; Mode = eNormal; break;
case eOpenIpcPath: Type = eIPC; Mode = eOpen; break; case eOpenIpcPath: Type = eIPC; Mode = eOpen; break;
case eClosedIpcPath: Type = eIPC; Mode = eClosed; break; case eClosedIpcPath: Type = eIPC; Mode = eClosed; break;
case eReadIpcPath: Type = eIPC; Mode = eReadOnly; break;
case eOpenWinClass: Type = eWnd; Mode = eOpen; break; case eOpenWinClass: Type = eWnd; Mode = eOpen; break;
@ -243,7 +244,7 @@ QString COptionsWindow::GetAccessModeStr(EAccessMode Mode)
case eClosed: return tr("Closed"); case eClosed: return tr("Closed");
case eClosedRT: return tr("Closed RT"); case eClosedRT: return tr("Closed RT");
case eReadOnly: return tr("Read Only"); case eReadOnly: return tr("Read Only");
case eWriteOnly: return tr("Boxed Only"); case eBoxOnly: return tr("Box Only (Write Only)");
} }
return tr("Unknown"); return tr("Unknown");
} }
@ -328,7 +329,7 @@ QString COptionsWindow::MakeAccessStr(EAccessType Type, EAccessMode Mode)
case eOpen4All: return "OpenPipePath"; case eOpen4All: return "OpenPipePath";
case eClosed: return "ClosedFilePath"; case eClosed: return "ClosedFilePath";
case eReadOnly: return "ReadFilePath"; case eReadOnly: return "ReadFilePath";
case eWriteOnly: return "WriteFilePath"; case eBoxOnly: return "WriteFilePath";
} }
break; break;
case eKey: case eKey:
@ -339,7 +340,7 @@ QString COptionsWindow::MakeAccessStr(EAccessType Type, EAccessMode Mode)
case eOpen4All: return "OpenConfPath"; case eOpen4All: return "OpenConfPath";
case eClosed: return "ClosedKeyPath"; case eClosed: return "ClosedKeyPath";
case eReadOnly: return "ReadKeyPath"; case eReadOnly: return "ReadKeyPath";
case eWriteOnly: return "WriteKeyPath"; case eBoxOnly: return "WriteKeyPath";
} }
break; break;
case eIPC: case eIPC:
@ -348,6 +349,7 @@ QString COptionsWindow::MakeAccessStr(EAccessType Type, EAccessMode Mode)
case eNormal: return "NormalIpcPath"; case eNormal: return "NormalIpcPath";
case eOpen: return "OpenIpcPath"; case eOpen: return "OpenIpcPath";
case eClosed: return "ClosedIpcPath"; case eClosed: return "ClosedIpcPath";
case eReadOnly: return "ReadIpcPath";
} }
break; break;
case eWnd: case eWnd:
@ -448,8 +450,8 @@ QList<COptionsWindow::EAccessMode> COptionsWindow::GetAccessModes(EAccessType Ty
{ {
switch (Type) switch (Type)
{ {
case eFile: return QList<EAccessMode>() << eNormal << eOpen << eOpen4All << eClosed << eReadOnly << eWriteOnly; case eFile: return QList<EAccessMode>() << eNormal << eOpen << eOpen4All << eClosed << eReadOnly << eBoxOnly;
case eKey: return QList<EAccessMode>() << eNormal << eOpen << eOpen4All << eClosed << eReadOnly << eWriteOnly; case eKey: return QList<EAccessMode>() << eNormal << eOpen << eOpen4All << eClosed << eReadOnly << eBoxOnly;
case eIPC: return QList<EAccessMode>() << eNormal << eOpen << eClosed; case eIPC: return QList<EAccessMode>() << eNormal << eOpen << eClosed;
case eWnd: return QList<EAccessMode>() << eOpen; case eWnd: return QList<EAccessMode>() << eOpen;
case eCOM: return QList<EAccessMode>() << eOpen << eClosed << eClosedRT; case eCOM: return QList<EAccessMode>() << eOpen << eClosed << eClosedRT;
@ -556,7 +558,7 @@ void COptionsWindow::SaveAccessList()
QStringList Keys = QStringList() QStringList Keys = QStringList()
<< "NormalFilePath" << "OpenFilePath" << "OpenPipePath" << "ClosedFilePath" << "ReadFilePath" << "WriteFilePath" << "NormalFilePath" << "OpenFilePath" << "OpenPipePath" << "ClosedFilePath" << "ReadFilePath" << "WriteFilePath"
<< "NormalKeyPath" << "OpenKeyPath" << "OpenConfPath" << "ClosedKeyPath" << "ReadKeyPath" << "WriteKeyPath" << "NormalKeyPath" << "OpenKeyPath" << "OpenConfPath" << "ClosedKeyPath" << "ReadKeyPath" << "WriteKeyPath"
<< "NormalIpcPath"<< "OpenIpcPath" << "ClosedIpcPath" << "OpenWinClass" << "OpenClsid" << "ClosedClsid" << "ClosedRT"; << "NormalIpcPath"<< "OpenIpcPath" << "ClosedIpcPath" << "ReadIpcPath" << "OpenWinClass" << "OpenClsid" << "ClosedClsid" << "ClosedRT";
QMap<QString, QList<QString>> AccessMap; QMap<QString, QList<QString>> AccessMap;
for (int i = 0; i < ui.treeAccess->topLevelItemCount(); i++) for (int i = 0; i < ui.treeAccess->topLevelItemCount(); i++)

3
SandboxiePlus/SandMan/Windows/OptionsWindow.h
View File

@ -202,6 +202,7 @@ protected:
eNormalIpcPath, eNormalIpcPath,
eOpenIpcPath, eOpenIpcPath,
eClosedIpcPath, eClosedIpcPath,
eReadIpcPath,
eOpenWinClass, eOpenWinClass,
@ -229,7 +230,7 @@ protected:
eClosed, eClosed,
eClosedRT, eClosedRT,
eReadOnly, eReadOnly,
eWriteOnly eBoxOnly
}; };
enum ETriggerAction { enum ETriggerAction {

10
SandboxiePlus/SandMan/Windows/SettingsWindow.cpp
View File

@ -130,7 +130,7 @@ CSettingsWindow::CSettingsWindow(QWidget *parent)
m_FeaturesChanged = false; m_FeaturesChanged = false;
connect(ui.chkWFP, SIGNAL(stateChanged(int)), this, SLOT(OnFeaturesChanged())); connect(ui.chkWFP, SIGNAL(stateChanged(int)), this, SLOT(OnFeaturesChanged()));
connect(ui.chkObjCb, SIGNAL(stateChanged(int)), this, SLOT(OnFeaturesChanged())); connect(ui.chkObjCb, SIGNAL(stateChanged(int)), this, SLOT(OnFeaturesChanged()));
connect(ui.chkWin32k, SIGNAL(stateChanged(int)), this, SLOT(OnFeaturesChanged())); //connect(ui.chkWin32k, SIGNAL(stateChanged(int)), this, SLOT(OnFeaturesChanged()));
m_WarnProgsChanged = false; m_WarnProgsChanged = false;
@ -218,7 +218,7 @@ Qt::CheckState CSettingsWindow__IsContextMenu()
void CSettingsWindow__AddContextMenu() void CSettingsWindow__AddContextMenu()
{ {
CSbieUtils::AddContextMenu(QApplication::applicationDirPath().replace("/", "\\") + "\\SandMan.exe", CSbieUtils::AddContextMenu(QApplication::applicationDirPath().replace("/", "\\") + "\\SandMan.exe",
CSettingsWindow::tr("Run &Sandboxed"), CSettingsWindow::tr("Explore &Sandboxed"), CSettingsWindow::tr("Run &Sandboxed"), //CSettingsWindow::tr("Explore &Sandboxed"),
QApplication::applicationDirPath().replace("/", "\\") + "\\Start.exe"); QApplication::applicationDirPath().replace("/", "\\") + "\\Start.exe");
} }
@ -253,6 +253,7 @@ void CSettingsWindow::LoadSettings()
ui.chkShowRecovery->setChecked(theConf->GetBool("Options/ShowRecovery", false)); ui.chkShowRecovery->setChecked(theConf->GetBool("Options/ShowRecovery", false));
ui.chkNotifyRecovery->setChecked(!theConf->GetBool("Options/InstantRecovery", true)); ui.chkNotifyRecovery->setChecked(!theConf->GetBool("Options/InstantRecovery", true));
ui.chkAsyncBoxOps->setChecked(theConf->GetBool("Options/UseAsyncBoxOps", false));
ui.chkPanic->setChecked(theConf->GetBool("Options/EnablePanicKey", false)); ui.chkPanic->setChecked(theConf->GetBool("Options/EnablePanicKey", false));
ui.keyPanic->setKeySequence(QKeySequence(theConf->GetString("Options/PanicKeySequence", "Shift+Pause"))); ui.keyPanic->setKeySequence(QKeySequence(theConf->GetString("Options/PanicKeySequence", "Shift+Pause")));
@ -262,6 +263,7 @@ void CSettingsWindow::LoadSettings()
ui.cmbSysTray->setCurrentIndex(theConf->GetInt("Options/SysTrayIcon", 1)); ui.cmbSysTray->setCurrentIndex(theConf->GetInt("Options/SysTrayIcon", 1));
ui.cmbTrayBoxes->setCurrentIndex(theConf->GetInt("Options/SysTrayFilter", 0)); ui.cmbTrayBoxes->setCurrentIndex(theConf->GetInt("Options/SysTrayFilter", 0));
ui.chkBoxOpsNotify->setChecked(theConf->GetBool("Options/AutoBoxOpsNotify", false));
ui.cmbOnClose->setCurrentIndex(ui.cmbOnClose->findData(theConf->GetString("Options/OnClose", "ToTray"))); ui.cmbOnClose->setCurrentIndex(ui.cmbOnClose->findData(theConf->GetString("Options/OnClose", "ToTray")));
@ -277,7 +279,7 @@ void CSettingsWindow::LoadSettings()
ui.ipcRoot->setText(theAPI->GetGlobalSettings()->GetText("IpcRootPath", IpcRootPath_Default)); ui.ipcRoot->setText(theAPI->GetGlobalSettings()->GetText("IpcRootPath", IpcRootPath_Default));
ui.chkWFP->setChecked(theAPI->GetGlobalSettings()->GetBool("NetworkEnableWFP", false)); ui.chkWFP->setChecked(theAPI->GetGlobalSettings()->GetBool("NetworkEnableWFP", false));
ui.chkObjCb->setChecked(theAPI->GetGlobalSettings()->GetBool("EnableObjectFiltering", false)); ui.chkObjCb->setChecked(theAPI->GetGlobalSettings()->GetBool("EnableObjectFiltering", true));
ui.chkWin32k->setChecked(theAPI->GetGlobalSettings()->GetBool("EnableWin32kHooks", true)); ui.chkWin32k->setChecked(theAPI->GetGlobalSettings()->GetBool("EnableWin32kHooks", true));
ui.chkAdminOnly->setChecked(theAPI->GetGlobalSettings()->GetBool("EditAdminOnly", false)); ui.chkAdminOnly->setChecked(theAPI->GetGlobalSettings()->GetBool("EditAdminOnly", false));
@ -406,6 +408,7 @@ void CSettingsWindow::SaveSettings()
theConf->SetValue("Options/ShowRecovery", ui.chkShowRecovery->isChecked()); theConf->SetValue("Options/ShowRecovery", ui.chkShowRecovery->isChecked());
theConf->SetValue("Options/InstantRecovery", !ui.chkNotifyRecovery->isChecked()); theConf->SetValue("Options/InstantRecovery", !ui.chkNotifyRecovery->isChecked());
theConf->SetValue("Options/UseAsyncBoxOps", ui.chkAsyncBoxOps->isChecked());
theConf->SetValue("Options/EnablePanicKey", ui.chkPanic->isChecked()); theConf->SetValue("Options/EnablePanicKey", ui.chkPanic->isChecked());
theConf->SetValue("Options/PanicKeySequence", ui.keyPanic->keySequence().toString()); theConf->SetValue("Options/PanicKeySequence", ui.keyPanic->keySequence().toString());
@ -414,6 +417,7 @@ void CSettingsWindow::SaveSettings()
theConf->SetValue("Options/SysTrayIcon", ui.cmbSysTray->currentIndex()); theConf->SetValue("Options/SysTrayIcon", ui.cmbSysTray->currentIndex());
theConf->SetValue("Options/SysTrayFilter", ui.cmbTrayBoxes->currentIndex()); theConf->SetValue("Options/SysTrayFilter", ui.cmbTrayBoxes->currentIndex());
theConf->SetValue("Options/AutoBoxOpsNotify", ui.chkBoxOpsNotify->isChecked());
theConf->SetValue("Options/OnClose", ui.cmbOnClose->currentData()); theConf->SetValue("Options/OnClose", ui.cmbOnClose->currentData());