mirrors/Sandboxie
mirrors
/
Sandboxie
mirror of https://github.com/sandboxie-plus/Sandboxie.git
1
0
Fork 0
Code Releases Activity

1.1.0

This commit is contained in:
DavidXanatos 2022-02-13 13:27:26 +01:00
parent 9d8ef41fb5
commit e94568b3a4
28 changed files with 557 additions and 370 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
CHANGELOG.md
View File

@ -6,57 +6,79 @@ This project adheres to [Semantic Versioning](http://semver.org/).
# [1.1.0 / 5.56.0] - 2022-01-06
## [1.1.0 / 5.56.0] - 2022-01-??
### Added
- added support for NtRenameKey (this requires UseRegDeleteV2=y) [#205](https://github.com/sandboxie-plus/Sandboxie/issues/205)
- FIXED SECURITY ISSUE: memory of unsandboxed processes can no longer be read, except for exceptions
- added ReadIpcPath to enable more flexibility in IPC usage
### Changed
- reworked the mechanism sandboxie uses to mark host files as deleted
-- the new behavioure creates a data file in the box root FilePaths.dat instead of creating dummy files
-- it can be enabled with UseFileDeleteV2=y sane for the registry UseRegDeleteV2=y using RegPaths.dat
- disabled a couple driver based workarounds for boxes in compartment mode as then thay should not be required
- removed "AlwaysUseWin32kHooks", now these win32 hooks are always enabled
-- note: you can use "UseWin32kHooks=program.exe,n" to disable them for sellected programs
- EnableObjectFiltering is now set enabled by default, and replaces sbies old process/thread handle filter
### Fixed
- fixed folder rename issues (this requires UseFileDeleteV2=y) [#71](https://github.com/sandboxie-plus/Sandboxie/issues/71)
- fixed issue with process access [#1603](https://github.com/sandboxie-plus/Sandboxie/issues/1603)
# [1.0.10 / 5.55.10] - 2022-01-06
## [1.0.11 / 5.55.11] - 2022-02-14
### Added
- added option to show only boxes in tray with runnign processes [#1186](https://github.com/sandboxie-plus/Sandboxie/issues/1186)
-- additional option show only pinned bixes, in box options a bix can be set to be always shown in theay list (Pinned)
- added options menu command to reset the GUI [#1589](https://github.com/sandboxie-plus/Sandboxie/issues/1589)
- added 'Run Un-Sandboxed' context menu option
- added new trigger "OnBoxDelete" that allows to specify a command that is run UNBOXED just before the box content gets deleted
-- note: this can be used as a replacemetn to the DeleteCommand [#591](https://github.com/sandboxie-plus/Sandboxie/issues/591)
- sellected box operations (deletion) no longer show the progress dialog [1061](https://github.com/sandboxie-plus/Sandboxie/issues/1061)
-- instead a box with a running operation show a blinking hour glass icon, the context menu can be used to cancel the operation
- added optional tray notification when a box content gets auto deleted
- added FreeDownloadManager template
- added warnign when opening unsandboxed regedit [#1606](https://github.com/sandboxie-plus/Sandboxie/issues/1606)
### Changed
- HideHostProcess=program.exe can now be used to hide sandboxie services [#1336](https://github.com/sandboxie-plus/Sandboxie/issues/1336)
- the asynchroniouse box operations introduced in the last build are due to a pupular request now disabled by default
- moved sys tray options from general to shell integration tab
### Fixed
- fixed compatybility issue with SECUROM [#1597](https://github.com/sandboxie-plus/Sandboxie/issues/1597)
- fixed modality issue [#1615](https://github.com/sandboxie-plus/Sandboxie/issues/1615)
## [1.0.10 / 5.55.10] - 2022-02-06
### Added
- added option to show only boxes in tray with running processes [#1186](https://github.com/sandboxie-plus/Sandboxie/issues/1186)
-- additional option shows only pinned boxes, in box options a box can be set to be always shown in tray list (Pinned)
- added Options menu command to reset the GUI [#1589](https://github.com/sandboxie-plus/Sandboxie/issues/1589)
- added `Run Un-Sandboxed` context menu option
- added new trigger `OnBoxDelete` that allows to specify a command that is run UNBOXED just before the box content gets deleted
-- note: this can be used as a replacement to `DeleteCommand` [#591](https://github.com/sandboxie-plus/Sandboxie/issues/591)
- selected box operations (deletion) no longer show the progress dialog [#1061](https://github.com/sandboxie-plus/Sandboxie/issues/1061)
-- if a box with a running operation shows a blinking hour glass icon, the context menu can be used to cancel the operation
### Changed
- `HideHostProcess=program.exe` can now be used to hide sandboxie services [#1336](https://github.com/sandboxie-plus/Sandboxie/issues/1336)
- updater blocking is now done using a template called BlockSoftwareUpdaters
- enchanced "StartProgram=..." making "StartCommand=..." obsolete
-- for same functionality as "StartCommand=..." use "StartProgram=%SbieHome%\Start.exe ..."
- merged "Auto Start" General tab with the "Auto Exec" Advanced tab into a universal"Triggers" Advanced tab
- enhanced `StartProgram=...` makes `StartCommand=...` obsolete
-- for same functionality as `StartCommand=...`, use `StartProgram=%SbieHome%\Start.exe ...`
- merged `Auto Start` General tab with the `Auto Exec` Advanced tab into a universal `Triggers` Advanced tab
### Fixed
- fixed a couple issues with the new breakout process feature and improved security (thanks Diversenok)
- fixed issues with re opening already open windows [#1584](https://github.com/sandboxie-plus/Sandboxie/issues/1584)
- fixed issues with re-opening windows already open [#1584](https://github.com/sandboxie-plus/Sandboxie/issues/1584)
- fixed issue with desktop access [#1588](https://github.com/sandboxie-plus/Sandboxie/issues/1588)
- fixed issue handling commandline invokation [#1133](https://github.com/sandboxie-plus/Sandboxie/issues/1133)
- fixed ui issue with main window state when switching always on top attribute [#1169](https://github.com/sandboxie-plus/Sandboxie/issues/1169)
- fixed issue about command line invocation handling [#1133](https://github.com/sandboxie-plus/Sandboxie/issues/1133)
- fixed UI issue with main window state when switching always on top attribute [#1169](https://github.com/sandboxie-plus/Sandboxie/issues/1169)
- fixed issue with box context menu in tray list [1106](https://github.com/sandboxie-plus/Sandboxie/issues/1106)
- fixed issue with "AutoExec=..."
- fixed issues canceling box deletion operations didn't working [1061](https://github.com/sandboxie-plus/Sandboxie/issues/1061)
- fixed issue with `AutoExec=...`
- fixed issues where canceling box deletion operations didn't work [#1061](https://github.com/sandboxie-plus/Sandboxie/issues/1061)
- fixed issue with DPI scalling and color picker dialog [#803](https://github.com/sandboxie-plus/Sandboxie/issues/803)
### Removed
- removed UseRpcMgmtSetComTimeout=AppXDeploymentClient.dll,y used for free download manager as it broke other things
-- when using free download manager ad the line manually to your sandboxie.ini
- removed `UseRpcMgmtSetComTimeout=AppXDeploymentClient.dll,y` used for Free Download Manager as it broke other things
-- only if you use Free Download Manager together with the setting `RpcMgmtSetComTimeout=n` in a sandbox, you have to add the line manually to your Sandboxie.ini

6
Sandboxie/common/pool.c
View File

@ -373,7 +373,7 @@ static const WCHAR *Pool_large_chunks_lock_Name = L"PoolLockL";
ALIGNED void *Pool_Alloc_Mem(ULONG size, ULONG tag)
{
void *ptr;
void *ptr = NULL;
Pool_Timing(NULL);
@ -382,7 +382,9 @@ ALIGNED void *Pool_Alloc_Mem(ULONG size, ULONG tag)
#ifdef KERNEL_MODE
ptr = ExAllocatePoolWithTag(PagedPool, size, tag);
#else
ptr = VirtualAlloc(0, size, MEM_RESERVE | MEM_COMMIT | MEM_TOP_DOWN,
//ptr = VirtualAlloc(0, size, MEM_RESERVE | MEM_COMMIT | MEM_TOP_DOWN,
ULONG_PTR RegionSize = size;
NtAllocateVirtualMemory(NtCurrentProcess(), &ptr, 0, &RegionSize, MEM_RESERVE | MEM_COMMIT | MEM_TOP_DOWN,
((UCHAR)tag == 0xFF ? PAGE_EXECUTE_READWRITE : PAGE_READWRITE));
#endif
// printf("Allocated %d bytes at %08X\n", size, ptr);

9
Sandboxie/common/wow64ext/CMemPtr.h
View File

@ -34,14 +34,21 @@ public:
{
if (*m_ptr && watchActive)
{
free(*m_ptr);
HeapFree(GetProcessHeap(), 0, *m_ptr);
*m_ptr = 0;
}
}
static void* Alloc(size_t size) {
return HeapAlloc(GetProcessHeap(), 0, size);
}
void disableWatch() { watchActive = false; }
};
#define NEW(size) \
CMemPtr::Alloc(size)
#define WATCH(ptr) \
CMemPtr watch_##ptr((void**)&ptr)

19
Sandboxie/common/wow64ext/wow64ext.cpp
View File

@ -37,17 +37,6 @@
//HANDLE g_heap;
BOOL g_isWow64 = TRUE;
void* malloc(size_t size)
{
return HeapAlloc(GetProcessHeap(), 0, size);
}
void free(void* ptr)
{
if (nullptr != ptr)
HeapFree(GetProcessHeap(), 0, ptr);
}
#include "CMemPtr.h"
/*int _wcsicmp(const wchar_t *string1, const wchar_t *string2)
@ -329,7 +318,7 @@ extern "C" DWORD64 __cdecl GetModuleHandle64(const wchar_t* lpModuleName)
{
getMem64(&head, head.InLoadOrderLinks.Flink, sizeof(LDR_DATA_TABLE_ENTRY64));
wchar_t* tempBuf = (wchar_t*)malloc(head.BaseDllName.MaximumLength);
wchar_t* tempBuf = (wchar_t*)NEW(head.BaseDllName.MaximumLength);
if (nullptr == tempBuf)
return 0;
WATCH(tempBuf);
@ -373,19 +362,19 @@ DWORD64 getLdrGetProcedureAddress()
IMAGE_EXPORT_DIRECTORY ied;
getMem64(&ied, modBase + idd.VirtualAddress, sizeof(ied));
DWORD* rvaTable = (DWORD*)malloc(sizeof(DWORD)*ied.NumberOfFunctions);
DWORD* rvaTable = (DWORD*)NEW(sizeof(DWORD)*ied.NumberOfFunctions);
if (nullptr == rvaTable)
return 0;
WATCH(rvaTable);
getMem64(rvaTable, modBase + ied.AddressOfFunctions, sizeof(DWORD)*ied.NumberOfFunctions);
WORD* ordTable = (WORD*)malloc(sizeof(WORD)*ied.NumberOfFunctions);
WORD* ordTable = (WORD*)NEW(sizeof(WORD)*ied.NumberOfFunctions);
if (nullptr == ordTable)
return 0;
WATCH(ordTable);
getMem64(ordTable, modBase + ied.AddressOfNameOrdinals, sizeof(WORD)*ied.NumberOfFunctions);
DWORD* nameTable = (DWORD*)malloc(sizeof(DWORD)*ied.NumberOfNames);
DWORD* nameTable = (DWORD*)NEW(sizeof(DWORD)*ied.NumberOfNames);
if (nullptr == nameTable)
return 0;
WATCH(nameTable);

9
Sandboxie/core/dll/Win32.c
View File

@ -393,21 +393,20 @@ _FX BOOLEAN Win32_Init(HMODULE hmodule)
if (Dll_OsBuild < 10041 || (Dll_ProcessFlags & SBIE_FLAG_WIN32K_HOOKABLE) == 0 || !SbieApi_QueryConfBool(NULL, L"EnableWin32kHooks", TRUE))
return TRUE; // just return on older builds, or not enabled
if (Dll_CompartmentMode || SbieApi_data->flags.bNoSysHooks)
return TRUE;
// disable Electron Workaround when we are ready to hook the required win32k syscalls
extern BOOL Dll_ElectronWorkaround;
Dll_ElectronWorkaround = FALSE;
if (Dll_CompartmentMode || SbieApi_data->flags.bNoSysHooks)
return TRUE;
//
// chrome needs for a working GPU acceleration the GdiDdDDI* win32k syscalls to have the right user token
//
WCHAR* cmdline = GetCommandLine();
if ((wcsstr(cmdline, L"--type=gpu-process") != NULL && wcsstr(cmdline, L"--gpu-preferences=") != NULL)
|| SbieDll_GetSettingsForName_bool(NULL, Dll_ImageName, L"AlwaysUseWin32kHooks", FALSE)) {
if (SbieDll_GetSettingsForName_bool(NULL, Dll_ImageName, L"UseWin32kHooks", TRUE)) {
#ifndef _WIN64
if (Dll_IsWow64)

10
Sandboxie/core/dll/debug.c
View File

@ -407,15 +407,13 @@ void DbgPrint(const char* format, ...)
va_list va_args;
va_start(va_args, format);
char *tmp1 = Dll_AllocTemp(510);
char tmp1[510];
extern int(*P_vsnprintf)(char *_Buffer, size_t Count, const char * const, va_list Args);
P_vsnprintf(tmp1, 510, format, va_args);
OutputDebugStringA(tmp1);
Dll_Free(tmp1);
va_end(va_args);
}
@ -431,18 +429,16 @@ void DbgTrace(const char* format, ...)
va_list va_args;
va_start(va_args, format);
char *tmp1 = Dll_AllocTemp(510);
char tmp1[510];
WCHAR tmp2[510];
extern int(*P_vsnprintf)(char *_Buffer, size_t Count, const char * const, va_list Args);
P_vsnprintf(tmp1, 510, format, va_args);
WCHAR *tmp2 = Dll_AllocTemp(510*sizeof(WCHAR));
Sbie_snwprintf((WCHAR *)tmp2, 510, L"%S", tmp1);
SbieApi_MonitorPut2(MONITOR_OTHER | MONITOR_TRACE, tmp2, FALSE);
Dll_Free(tmp1);
va_end(va_args);
}

3
Sandboxie/core/drv/conf.c
View File

@ -1458,8 +1458,7 @@ _FX NTSTATUS Conf_Api_Reload(PROCESS *proc, ULONG64 *parms)
}
}
BOOLEAN obj_filter_enabled = Conf_Get_Boolean(NULL, L"EnableObjectFiltering", 0, FALSE);
extern BOOLEAN Obj_CallbackInstalled;
BOOLEAN obj_filter_enabled = Conf_Get_Boolean(NULL, L"EnableObjectFiltering", 0, TRUE);
if (Obj_CallbackInstalled != obj_filter_enabled && Driver_OsVersion > DRIVER_WINDOWS_VISTA) {
if (obj_filter_enabled) {
Obj_Load_Filter();

19
Sandboxie/core/drv/file.c
View File

@ -671,21 +671,18 @@ _FX BOOLEAN File_InitPaths(PROCESS *proc,
//
ok = Process_GetPaths(proc, normal_file_paths, _NormalPath, TRUE);
if (ok && proc->use_privacy_mode) {
for (i = 0; normalpaths[i] && ok; ++i) {
ok = Process_AddPath(
proc, normal_file_paths, NULL, TRUE, normalpaths[i], FALSE);
}
}
if (! ok) {
Log_MsgP1(MSG_INIT_PATHS, _NormalPath, proc->pid);
return FALSE;
}
if (proc->use_privacy_mode) {
for (i = 0; normalpaths[i] && ok; ++i) {
ok = Process_AddPath(proc, normal_file_paths, _NormalPath, TRUE, normalpaths[i], FALSE);
}
if (!ok) {
Log_MsgP1(MSG_INIT_PATHS, _NormalPath, proc->pid);
return FALSE;
}
}
#endif
//

8
Sandboxie/core/drv/gui_xp.c
View File

@ -1311,9 +1311,11 @@ _FX ULONG_PTR Gui_NtUserPostThreadMessage(
status = STATUS_SUCCESS;
else {
status = Gui_CheckBoxedThread(proc, idThread, &idProcess);
if (status == STATUS_ACCESS_DENIED)
status = Process_CheckProcessName(
proc, &proc->open_win_classes, idProcess, NULL);
if (status == STATUS_ACCESS_DENIED) {
if (Process_CheckProcessName(
proc, &proc->open_win_classes, idProcess, NULL))
status = STATUS_SUCCESS;
}
}
if (Session_MonitorCount && !proc->disable_monitor) {

51
Sandboxie/core/drv/ipc.c
View File

@ -157,8 +157,7 @@ _FX BOOLEAN Ipc_Init(void)
if (Driver_OsVersion > DRIVER_WINDOWS_VISTA) {
// Don't use experimental features by default
if (Conf_Get_Boolean(NULL, L"EnableObjectFiltering", 0, FALSE)) {
if (Conf_Get_Boolean(NULL, L"EnableObjectFiltering", 0, TRUE)) {
if (!Obj_Load_Filter())
return FALSE;
@ -381,6 +380,7 @@ _FX BOOLEAN Ipc_InitPaths(PROCESS* proc)
#endif
static const WCHAR* _OpenPath = L"OpenIpcPath";
static const WCHAR* _ClosedPath = L"ClosedIpcPath";
static const WCHAR* _ReadPath = L"ReadIpcPath";
static const WCHAR* openpaths[] = {
L"\\Windows\\ApiPort",
L"\\Sessions\\*\\Windows\\ApiPort",
@ -576,6 +576,10 @@ _FX BOOLEAN Ipc_InitPaths(PROCESS* proc)
// NULL
//};
#endif
static const WCHAR *readpaths[] = {
L"$:explorer.exe",
NULL
};
ULONG i;
BOOLEAN ok;
@ -586,21 +590,19 @@ _FX BOOLEAN Ipc_InitPaths(PROCESS* proc)
#ifdef USE_MATCH_PATH_EX
ok = Process_GetPaths(proc, &proc->normal_ipc_paths, _NormalPath, FALSE);
//if (ok && proc->use_privacy_mode) {
//
// for (i = 0; normalpaths[i] && ok; ++i) {
// ok = Process_AddPath(proc, &proc->normal_ipc_paths, NULL,
// TRUE, normalpaths[i], FALSE);
// }
//}
if (!ok) {
Log_MsgP1(MSG_INIT_PATHS, _NormalPath, proc->pid);
return FALSE;
}
//if (proc->use_privacy_mode) {
// for (i = 0; normalpaths[i] && ok; ++i) {
// ok = Process_AddPath(proc, &proc->normal_ipc_paths, _NormalPath, TRUE, normalpaths[i], FALSE);
// }
//
// if (! ok) {
// Log_MsgP1(MSG_INIT_PATHS, _NormalPath, proc->pid);
// return FALSE;
// }
//}
#endif
//
@ -696,6 +698,29 @@ _FX BOOLEAN Ipc_InitPaths(PROCESS* proc)
return FALSE;
}
//
// read-only paths
//
ok = Process_GetPaths(proc, &proc->read_ipc_paths, _ReadPath, TRUE);
if (ok) {
for (i = 0; readpaths[i] && ok; ++i) {
ok = Process_AddPath(proc, &proc->read_ipc_paths, NULL,
TRUE, readpaths[i], FALSE);
}
}
if (! ok) {
Log_MsgP1(MSG_INIT_PATHS, _ReadPath, proc->pid);
return FALSE;
}
//
// other options
//
proc->ipc_warn_startrun = Conf_Get_Boolean(
proc->box->name, L"NotifyStartRunAccessDenied", 0, TRUE);

8
Sandboxie/core/drv/key.c
View File

@ -260,16 +260,18 @@ _FX BOOLEAN Key_InitProcess(PROCESS *proc)
return FALSE;
}
if (proc->use_privacy_mode) {
if (ok && proc->use_privacy_mode) {
for (i = 0; normalpaths[i] && ok; ++i) {
ok = Process_AddPath(proc, &proc->normal_key_paths, _NormalPath, TRUE, normalpaths[i], FALSE);
ok = Process_AddPath(proc, &proc->normal_key_paths, NULL,
TRUE, normalpaths[i], FALSE);
}
}
if (!ok) {
Log_MsgP1(MSG_INIT_PATHS, _NormalPath, proc->pid);
return FALSE;
}
}
#endif
//

3
Sandboxie/core/drv/log.c
View File

@ -237,7 +237,6 @@ _FX void Log_Msg(
const WCHAR *string1,
const WCHAR *string2)
{
//DbgPrint("Sbie MSG_%d: %S; %S\r\n", (error_code & 0xFFFF), string1, string2);
Log_Msg_Session(error_code, string1, string2, -1);
}
@ -268,6 +267,8 @@ _FX void Log_Msg_Process(
ULONG session_id,
HANDLE process_id)
{
DbgPrint("Sbie MSG_%d: %S; %S\r\n", (error_code & 0xFFFF), string1, string2);
ULONG facility = (error_code >> 16) & 0x0F;
if (facility & MSG_FACILITY_EVENT)
Log_Event_Msg(error_code, string1, string2);

1
Sandboxie/core/drv/obj.h
View File

@ -91,6 +91,7 @@ extern const OBJECT_NAME_INFORMATION Obj_Unnamed;
extern P_ObGetObjectType pObGetObjectType;
extern P_ObQueryNameInfo pObQueryNameInfo;
extern BOOLEAN Obj_CallbackInstalled;
//---------------------------------------------------------------------------
// Macros Related to ParseProcedure

8
Sandboxie/core/drv/obj_flt.c
View File

@ -240,9 +240,7 @@ _FX OB_PREOP_CALLBACK_STATUS Obj_PreOperationCallback(
goto Exit;
PEPROCESS ProcessObject = (PEPROCESS)PreInfo->Object;
ACCESS_MASK WriteAccess = (InitialDesiredAccess & PROCESS_DENIED_ACCESS_MASK);
if (!NT_SUCCESS(Thread_CheckObject_Common(
proc, ProcessObject, InitialDesiredAccess, WriteAccess, L'P'))) {
if (!NT_SUCCESS(Thread_CheckObject_Common(proc, ProcessObject, InitialDesiredAccess, TRUE))) {
#ifdef DRV_BREAKOUT
//
@ -301,9 +299,7 @@ _FX OB_PREOP_CALLBACK_STATUS Obj_PreOperationCallback(
goto Exit;
PEPROCESS ProcessObject = PsGetThreadProcess((PETHREAD)PreInfo->Object);
ACCESS_MASK WriteAccess = (InitialDesiredAccess & THREAD_DENIED_ACCESS_MASK);
if (!NT_SUCCESS(Thread_CheckObject_Common(
proc, ProcessObject, InitialDesiredAccess, WriteAccess, L'T'))) {
if (!NT_SUCCESS(Thread_CheckObject_Common(proc, ProcessObject, InitialDesiredAccess, FALSE))) {
*DesiredAccess = 0; // deny any access
}
//ObjectTypeName = L"PsThreadType";

2
Sandboxie/core/drv/process.c
View File

@ -728,8 +728,6 @@ _FX PROCESS *Process_Create(
proc->dont_open_for_boxed = !proc->bAppCompartment && Conf_Get_Boolean(proc->box->name, L"DontOpenForBoxed", 0, TRUE);
proc->hide_other_boxes = Conf_Get_Boolean(proc->box->name, L"HideOtherBoxes", 0, FALSE);
//
// privacy mode requirers Rule Specificity
//

8
Sandboxie/core/drv/process.h
View File

@ -139,7 +139,6 @@ struct _PROCESS {
BOOLEAN always_close_for_boxed;
BOOLEAN dont_open_for_boxed;
BOOLEAN hide_other_boxes;
#ifdef USE_MATCH_PATH_EX
BOOLEAN use_rule_specificity;
BOOLEAN use_privacy_mode;
@ -189,6 +188,7 @@ struct _PROCESS {
#endif
LIST open_ipc_paths; // PATTERN elements
LIST closed_ipc_paths; // PATTERN elements
LIST read_ipc_paths; // PATTERN elements
ULONG ipc_trace;
BOOLEAN disable_object_flt;
BOOLEAN ipc_warn_startrun;
@ -371,10 +371,10 @@ void Process_GetProcessName(
// Check if open_path contains setting "$:ProcessName.exe"
// where ProcessName matches the specified idProcess.
// If not contained, returns STATUS_ACCESS_DENIED with *pSetting = NULL
// If contained, returns STATUS_SUCCESS with *pSetting -> matching setting
// If not contained, returns FALSE with *pSetting = NULL
// If contained, returns TRUE with *pSetting -> matching setting
NTSTATUS Process_CheckProcessName(
BOOLEAN Process_CheckProcessName(
PROCESS *proc, LIST *open_paths, ULONG_PTR idProcess,
const WCHAR **pSetting);

3
Sandboxie/core/drv/process_api.c
View File

@ -785,6 +785,9 @@ _FX NTSTATUS Process_Api_QueryPathList(PROCESS *proc, ULONG64 *parms)
} else if (args->path_code.val == 'ic') {
list = &proc->closed_ipc_paths;
lock = proc->ipc_lock;
} else if (args->path_code.val == 'ir') {
list = &proc->read_ipc_paths;
lock = proc->ipc_lock;
} else if (args->path_code.val == 'wo') {
list = &proc->open_win_classes;

12
Sandboxie/core/drv/process_util.c
View File

@ -1173,23 +1173,23 @@ _FX void Process_GetProcessName(
//---------------------------------------------------------------------------
_FX NTSTATUS Process_CheckProcessName(
_FX BOOLEAN Process_CheckProcessName(
PROCESS *proc, LIST *open_paths, ULONG_PTR idProcess,
const WCHAR **pSetting)
{
NTSTATUS status;
BOOLEAN result;
PATTERN *pat;
void *nbuf;
ULONG nlen;
WCHAR *nptr;
status = STATUS_ACCESS_DENIED;
result = FALSE;
if (pSetting)
*pSetting = NULL;
if (! idProcess)
return status;
return result;
nbuf = NULL;
nlen = 0;
@ -1213,7 +1213,7 @@ _FX NTSTATUS Process_CheckProcessName(
break;
}
if (_wcsicmp(nptr, src + 2) == 0) {
status = STATUS_SUCCESS;
result = TRUE;
if (pSetting)
*pSetting = src;
break;
@ -1224,7 +1224,7 @@ _FX NTSTATUS Process_CheckProcessName(
if (nbuf)
Mem_Free(nbuf, nlen);
return status;
return result;
}

88
Sandboxie/core/drv/thread.c
View File

@ -25,6 +25,7 @@
#include "process.h"
#include "syscall.h"
#include "token.h"
#include "obj.h"
#include "session.h"
#include "api.h"
@ -147,6 +148,7 @@ _FX BOOLEAN Thread_Init(void)
"ImpersonateAnonymousToken", Thread_ImpersonateAnonymousToken))
return FALSE;
//
// set object open handlers
//
@ -168,6 +170,7 @@ _FX BOOLEAN Thread_Init(void)
return FALSE;
}
//
// set API handlers
//
@ -947,10 +950,9 @@ _FX NTSTATUS Thread_CheckProcessObject(
PROCESS *proc, void *Object, UNICODE_STRING *Name,
ACCESS_MASK GrantedAccess)
{
if (Obj_CallbackInstalled) return STATUS_SUCCESS; // ObCallbacks takes care of that already
PEPROCESS ProcessObject = (PEPROCESS)Object;
ACCESS_MASK WriteAccess = (GrantedAccess & PROCESS_DENIED_ACCESS_MASK);
return Thread_CheckObject_Common(
proc, ProcessObject, GrantedAccess, WriteAccess, L'P');
return Thread_CheckObject_Common(proc, ProcessObject, GrantedAccess, TRUE);
}
@ -963,10 +965,9 @@ _FX NTSTATUS Thread_CheckThreadObject(
PROCESS *proc, void *Object, UNICODE_STRING *Name,
ACCESS_MASK GrantedAccess)
{
if (Obj_CallbackInstalled) return STATUS_SUCCESS; // ObCallbacks takes care of that already
PEPROCESS ProcessObject = PsGetThreadProcess(Object);
ACCESS_MASK WriteAccess = (GrantedAccess & THREAD_DENIED_ACCESS_MASK);
return Thread_CheckObject_Common(
proc, ProcessObject, GrantedAccess, WriteAccess, L'T');
return Thread_CheckObject_Common(proc, ProcessObject, GrantedAccess, FALSE);
}
@ -977,11 +978,34 @@ _FX NTSTATUS Thread_CheckThreadObject(
_FX NTSTATUS Thread_CheckObject_Common(
PROCESS *proc, PEPROCESS ProcessObject,
ACCESS_MASK GrantedAccess, ACCESS_MASK WriteAccess, WCHAR Letter1)
ACCESS_MASK GrantedAccess, BOOLEAN EntireProcess)
{
ULONG_PTR pid;
const WCHAR *pSetting;
NTSTATUS status;
WCHAR Letter1;
ACCESS_MASK WriteAccess;
ACCESS_MASK ReadAccess;
if (EntireProcess) {
Letter1 = L'P';
WriteAccess = (GrantedAccess & PROCESS_DENIED_ACCESS_MASK);
ReadAccess = (GrantedAccess & PROCESS_VM_READ);
//
// PROCESS_QUERY_INFORMATION allows to steal an attached debug object
// using object filtering mitigates this issue
// but when its not active we should block that access
//
if(!Obj_CallbackInstalled)
ReadAccess |= (GrantedAccess & PROCESS_QUERY_INFORMATION);
}
else {
Letter1 = L'T';
WriteAccess = (GrantedAccess & THREAD_DENIED_ACCESS_MASK);
ReadAccess = 0;
}
//
// if an error occured and can't find pid, then don't allow
@ -992,24 +1016,14 @@ _FX NTSTATUS Thread_CheckObject_Common(
if (! pid)
return STATUS_ACCESS_DENIED;
//
// for read-only access to the target process, we don't care
// if/which boxes are involved
//
if (pid && (WriteAccess == 0) && !proc->hide_other_boxes) {
status = STATUS_SUCCESS;
goto trace;
}
//
// otherwise this is write access, confirm if same box
// allow access if it's within the same box
//
if (Process_IsSameBox(proc, NULL, pid)) {
status = STATUS_SUCCESS;
goto trace;
}
if (Process_IsSameBox(proc, NULL, pid))
goto finish;
//
// also permit if process is exiting, because it is possible that
@ -1018,18 +1032,34 @@ _FX NTSTATUS Thread_CheckObject_Common(
// (e.g. VS2012 MSBuild.exe does this with the csc.exe compiler)
//
if (PsGetProcessExitProcessCalled(ProcessObject)) {
status = STATUS_SUCCESS;
goto trace;
}
if (PsGetProcessExitProcessCalled(ProcessObject))
goto finish;
//
// write access outside box, check if we have the following setting
// access outside box, check if we have the following setting
// OpenIpcPath=$:ProcessName.exe
//
status = Process_CheckProcessName(
proc, &proc->open_ipc_paths, pid, &pSetting);
if (Process_CheckProcessName(proc, &proc->closed_ipc_paths, pid, &pSetting)) {
status = STATUS_ACCESS_DENIED;
} else if (WriteAccess != 0 || ReadAccess != 0) {
if (!Process_CheckProcessName(proc, &proc->open_ipc_paths, pid, &pSetting)) {
if (WriteAccess != 0) {
status = STATUS_ACCESS_DENIED;
} else if (!Process_CheckProcessName(proc, &proc->read_ipc_paths, pid, &pSetting)) {
status = STATUS_ACCESS_DENIED;
}
}
}
//
// log the cross-sandbox access attempt, based on the status code
@ -1059,12 +1089,12 @@ _FX NTSTATUS Thread_CheckObject_Common(
}
}
finish:
//
// trace
//
trace:
if (proc->ipc_trace & (TRACE_ALLOW | TRACE_DENY)) {
WCHAR str[32];

2
Sandboxie/core/drv/thread.h
View File

@ -96,7 +96,7 @@ THREAD *Thread_GetByThreadId(PROCESS *proc, HANDLE tid);
NTSTATUS Thread_CheckObject_Common(
PROCESS *proc, PEPROCESS ProcessObject,
ACCESS_MASK GrantedAccess, ACCESS_MASK WriteAccess, WCHAR Letter1);
ACCESS_MASK GrantedAccess, BOOLEAN EntireProcess);
//---------------------------------------------------------------------------

53
Sandboxie/install/Templates.ini
View File

@ -1524,7 +1524,7 @@ OpenWinClass=TENTrayMainWindow
OpenWinClass=ENMainFrame
OpenWinClass=ENMainFrame3
OpenWinClass=HwndWrapper[Evernote.exe;*
OpenWinClass=$:EvernoteClipper.exe
OpenWinClass=$:EvernoteClipper.exe/IgnoreUIPI
LingerProcess=EvernoteClipper.exe
[Template_MetaProducts_Inquiry]
@ -1574,7 +1574,7 @@ Tmpl.Url=http://www.kinook.com/UltraRecall/
Tmpl.Scan=s
Tmpl.ScanProduct=Ultra Recall_is1
OpenWinClass=Afx:00400000:0
OpenWinClass=$:UltraRecall.exe
OpenWinClass=$:UltraRecall.exe/IgnoreUIPI
OpenIpcPath=*\BaseNamedObjects*\UltraRecall
#
@ -1750,7 +1750,7 @@ Tmpl.Class=Security
Tmpl.Url=http://www.covenanteyes.com/
Tmpl.Scan=i
OpenIpcPath=*\BaseNamedObjects*\CE_*Obj
OpenWinClass=$:nmSvc.exe
OpenWinClass=$:nmSvc.exe/IgnoreUIPI
[Template_ComodoInternetSecurity]
Tmpl.Title=Comodo Internet Security / Antivirus / Firewall
@ -1939,7 +1939,7 @@ Tmpl.Url=http://technet.microsoft.com/en-us/security/jj653751
Tmpl.Scan=s
Tmpl.ScanKey=\REGISTRY\MACHINE\SOFTWARE\Microsoft\EMET
OpenIpcPath=*\BaseNamedObjects*\emet_pid_*
OpenWinClass=$:EMET_notifier.exe
OpenWinClass=$:EMET_notifier.exe/IgnoreUIPI
# EMET 4
OpenPipePath=\Device\Mailslot\EMET_Agent_*
OpenPipePath=\Device\Mailslot\EMET_Recipient_*
@ -2046,7 +2046,7 @@ Tmpl.Url=http://windows.microsoft.com/en-US/windows/products/security-essentials
Tmpl.Scan=s
Tmpl.ScanService=MsMpSvc
OpenWinClass=msseces_class
OpenWinClass=$:msseces.exe
OpenWinClass=$:msseces.exe/IgnoreUIPI
IContextMenuClsid={09A47860-11B0-4DA5-AFA5-26D86198A780}
[Template_Mirekusoft_Install_Monitor]
@ -2244,7 +2244,7 @@ Tmpl.Class=Security
Tmpl.Url=http://www.proxifier.com/
Tmpl.Scan=w
OpenWinClass=Proxifier32Cls
OpenWinClass=$:proxifier.exe
OpenWinClass=$:proxifier.exe/IgnoreUIPI
OpenIpcPath=*\BaseNamedObjects*\Proxifier*
OpenPipePath=\Device\NamedPipe\proxifier
@ -2411,7 +2411,7 @@ Tmpl.Class=Desktop
Tmpl.Url=http://support.asus.com/Download.aspx?SLanguage=en&m=Eee+PC+1015PX&p=20&s=1
Tmpl.Scan=s
Tmpl.ScanProduct={4B5092B6-F231-4D18-83BC-2618B729CA45}
OpenWinClass=$:CapsHook.exe
OpenWinClass=$:CapsHook.exe/IgnoreUIPI
[Template_AcerGridVista]
Tmpl.Title=Acer GridVista
@ -2535,7 +2535,7 @@ Tmpl.Class=Desktop
Tmpl.Url=http://www.cottonwoodsw.com/fx3summ.html
Tmpl.Scan=s
Tmpl.ScanProduct=File-Ex v3.*
OpenWinClass=$:FileEx.exe
OpenWinClass=$:FileEx.exe/IgnoreUIPI
[Template_GoogleToolbarIE]
Tmpl.Title=Google Toolbar for Internet Explorer
@ -2546,7 +2546,7 @@ OpenIpcPath=*\BaseNamedObjects*\{B7F1F778-8315-4EB2-AC1E-5AFCAA603271}
OpenIpcPath=*\BaseNamedObjects*\{DEBFCCE1-B446-4992-9C9E-CA1CB548C718}
OpenIpcPath=*\BaseNamedObjects*\*{E709AE98-F4E6-40DE-BE47-CFBA9B4605C0}
OpenWinClass={A7E495BF-9589-4A6E-8479-DDA2D8D3C05F}
OpenWinClass=$:GoogleToolbarNotifier.exe
OpenWinClass=$:GoogleToolbarNotifier.exe/IgnoreUIPI
OpenClsid={FBA44040-BD27-4A09-ACC8-C08B7C723DCD}
LingerProcess=GoogleToolbarUser.exe
LingerProcess=GoogleToolbarUser_32.exe
@ -2608,7 +2608,7 @@ Tmpl.Class=Desktop
Tmpl.Url=http://www.intelife.net/ninja/
Tmpl.Scan=i
OpenIpcPath=*\BaseNamedObjects*\KEYBOARD_NINJA_2
OpenWinClass=$:ninja.exe
OpenWinClass=$:ninja.exe/IgnoreUIPI
[Template_Lingoes]
Tmpl.Title=Lingoes Translator
@ -2618,7 +2618,7 @@ Tmpl.Scan=i
OpenIpcPath=*\BaseNamedObjects*\OpenText_ZWFilter_GlobaData*
OpenIpcPath=*\BaseNamedObjects*\OpenText_GrabText_GlobaData*
OpenIpcPath=*\BaseNamedObjects*\OpenText_GrabText_Mutex*
OpenWinClass=$:lingoes.exe
OpenWinClass=$:lingoes.exe/IgnoreUIPI
[Template_Linkman]
Tmpl.Title=Linkman
@ -2637,19 +2637,20 @@ Tmpl.Url=http://www.xrayz.co.uk/
Tmpl.Scan=w
OpenWinClass=LinkStash
OpenWinClass=LinkStashMonitor
OpenWinClass=$:lnkstash.exe
OpenWinClass=$:lnkstash.exe/IgnoreUIPI
[Template_Listary]
Tmpl.Title=Listary
Tmpl.Class=Desktop
Tmpl.Url=http://www.listary.com/
Tmpl.Url=https://www.listary.com/
Tmpl.Scan=s
Tmpl.ScanProduct=Listary_is1
OpenIpcPath=*\BaseNamedObjects*\ListarySharedData
OpenWinClass=ListaryToolbarCls
OpenWinClass=$:listary.exe
# v4
OpenWinClass=$:listary.exe/IgnoreUIPI
# v5
OpenIpcPath=*\BaseNamedObjects*\Listary_MainSharedMemory
# v6
OpenIpcPath=*\BaseNamedObjects*\ListaryX_MainSharedMemory
[Template_Logitech_G15_Keyboard]
Tmpl.Title=Logitech Keyboard LCD Display
@ -2880,13 +2881,13 @@ Tmpl.Class=Desktop
Tmpl.Url=http://www.sumitsoft.com/
Tmpl.Scan=i
OpenIpcPath=*\BaseNamedObjects*\Typing Assistant (*)
OpenWinClass=$:Typing Assistant (English).exe
OpenWinClass=$:Typing Assistant (French).exe
OpenWinClass=$:Typing Assistant (German).exe
OpenWinClass=$:Typing Assistant (Hungarian).exe
OpenWinClass=$:Typing Assistant (Italian).exe
OpenWinClass=$:Typing Assistant (Portuguese).exe
OpenWinClass=$:Typing Assistant (Spanish).exe
OpenWinClass=$:Typing Assistant (English).exe/IgnoreUIPI
OpenWinClass=$:Typing Assistant (French).exe/IgnoreUIPI
OpenWinClass=$:Typing Assistant (German).exe/IgnoreUIPI
OpenWinClass=$:Typing Assistant (Hungarian).exe/IgnoreUIPI
OpenWinClass=$:Typing Assistant (Italian).exe/IgnoreUIPI
OpenWinClass=$:Typing Assistant (Portuguese).exe/IgnoreUIPI
OpenWinClass=$:Typing Assistant (Spanish).exe/IgnoreUIPI
[Template_TwoPilots_SpeedTyping]
Tmpl.Title=Two Pilots Speed Typing
@ -3154,6 +3155,12 @@ OpenClsid={AC746233-E9D3-49CD-862F-068F7B7CCCA4}
# prevent access to host port
# BlockPort=1001
[Template_FreeDownloadManager]
Tmpl.Title=Free Download Manager
Tmpl.Class=Download
Tmpl.Url=http://www.freedownloadmanager.org/
RpcMgmtSetComTimeout=fdm.exe,y
[Template_SothinkWebVideoDownloader]
Tmpl.Title=Sothink Web Video Downloader Stand-alone
Tmpl.Class=Download

397
SandboxiePlus/SandMan/Forms/SettingsWindow.ui
View File

@ -7,7 +7,7 @@
<x>0</x>
<y>0</y>
<width>634</width>
<height>440</height>
<height>451</height>
</rect>
</property>
<property name="sizePolicy">
@ -54,108 +54,7 @@
<layout class="QGridLayout" name="gridLayout_9">
<item row="0" column="0">
<layout class="QGridLayout" name="gridLayout_8">
<item row="8" column="0">
<widget class="QLabel" name="label_5">
<property name="font">
<font>
<weight>75</weight>
<bold>true</bold>
<kerning>true</kerning>
</font>
</property>
<property name="text">
<string>Systray options</string>
</property>
</widget>
</item>
<item row="7" column="1" colspan="2">
<widget class="QCheckBox" name="chkWatchConfig">
<property name="text">
<string>Watch Sandboxie.ini for changes</string>
</property>
</widget>
</item>
<item row="1" column="1" colspan="2">
<widget class="QCheckBox" name="chkDarkTheme">
<property name="text">
<string>Use Dark Theme (fully applied after a restart)</string>
</property>
<property name="tristate">
<bool>true</bool>
</property>
</widget>
</item>
<item row="4" column="1" colspan="2">
<widget class="QCheckBox" name="chkShowRecovery">
<property name="text">
<string>Show first recovery window when emptying sandboxes</string>
</property>
</widget>
</item>
<item row="6" column="1" colspan="3">
<layout class="QHBoxLayout" name="horizontalLayout_3">
<item>
<widget class="QCheckBox" name="chkPanic">
<property name="text">
<string>Hotkey for terminating all boxed processes:</string>
</property>
</widget>
</item>
<item>
<widget class="QKeySequenceEdit" name="keyPanic"/>
</item>
</layout>
</item>
<item row="12" column="1">
<spacer name="verticalSpacer_4">
<property name="orientation">
<enum>Qt::Vertical</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>20</width>
<height>40</height>
</size>
</property>
</spacer>
</item>
<item row="9" column="1">
<widget class="QComboBox" name="cmbSysTray"/>
</item>
<item row="11" column="1">
<widget class="QComboBox" name="cmbOnClose"/>
</item>
<item row="0" column="0">
<widget class="QLabel" name="label_19">
<property name="text">
<string>UI Language:</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
</widget>
</item>
<item row="3" column="1" colspan="2">
<widget class="QCheckBox" name="chkSandboxUrls">
<property name="text">
<string>Open urls from this ui sandboxed</string>
</property>
<property name="tristate">
<bool>true</bool>
</property>
</widget>
</item>
<item row="2" column="1" colspan="2">
<widget class="QCheckBox" name="chkNotifications">
<property name="text">
<string>Show Notifications for relevant log Messages</string>
</property>
<property name="checked">
<bool>false</bool>
</property>
</widget>
</item>
<item row="12" column="2">
<item row="9" column="2">
<spacer name="horizontalSpacer_8">
<property name="orientation">
<enum>Qt::Horizontal</enum>
@ -168,26 +67,10 @@
</property>
</spacer>
</item>
<item row="11" column="0">
<widget class="QLabel" name="label_18">
<item row="8" column="1" colspan="2">
<widget class="QCheckBox" name="chkWatchConfig">
<property name="text">
<string>On main window close:</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
</widget>
</item>
<item row="9" column="0">
<widget class="QLabel" name="label_20">
<property name="text">
<string>Show Icon in Systray:</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
<property name="openExternalLinks">
<bool>true</bool>
<string>Watch Sandboxie.ini for changes</string>
</property>
</widget>
</item>
@ -198,6 +81,46 @@
</property>
</widget>
</item>
<item row="0" column="0">
<widget class="QLabel" name="label_19">
<property name="text">
<string>UI Language:</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
</widget>
</item>
<item row="9" column="1">
<spacer name="verticalSpacer_4">
<property name="orientation">
<enum>Qt::Vertical</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>20</width>
<height>40</height>
</size>
</property>
</spacer>
</item>
<item row="4" column="1" colspan="2">
<widget class="QCheckBox" name="chkShowRecovery">
<property name="text">
<string>Show first recovery window when emptying sandboxes</string>
</property>
</widget>
</item>
<item row="1" column="1" colspan="2">
<widget class="QCheckBox" name="chkDarkTheme">
<property name="text">
<string>Use Dark Theme (fully applied after a restart)</string>
</property>
<property name="tristate">
<bool>true</bool>
</property>
</widget>
</item>
<item row="0" column="2">
<widget class="QLabel" name="label">
<property name="text">
@ -211,21 +134,46 @@
<item row="0" column="1">
<widget class="QComboBox" name="uiLang"/>
</item>
<item row="10" column="0">
<widget class="QLabel" name="label_21">
<item row="2" column="1" colspan="2">
<widget class="QCheckBox" name="chkNotifications">
<property name="text">
<string>Show boxes in tray list:</string>
<string>Show Notifications for relevant log Messages</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
<property name="checked">
<bool>false</bool>
</property>
<property name="openExternalLinks">
</widget>
</item>
<item row="3" column="1" colspan="2">
<widget class="QCheckBox" name="chkSandboxUrls">
<property name="text">
<string>Open urls from this ui sandboxed</string>
</property>
<property name="tristate">
<bool>true</bool>
</property>
</widget>
</item>
<item row="10" column="1">
<widget class="QComboBox" name="cmbTrayBoxes"/>
<item row="6" column="1" colspan="2">
<widget class="QCheckBox" name="chkAsyncBoxOps">
<property name="text">
<string>Run box operations asynchronously whenever possible (like content deletion)</string>
</property>
</widget>
</item>
<item row="7" column="1" colspan="3">
<layout class="QHBoxLayout" name="horizontalLayout_3">
<item>
<widget class="QCheckBox" name="chkPanic">
<property name="text">
<string>Hotkey for terminating all boxed processes:</string>
</property>
</widget>
</item>
<item>
<widget class="QKeySequenceEdit" name="keyPanic"/>
</item>
</layout>
</item>
</layout>
</item>
@ -238,6 +186,69 @@
<layout class="QGridLayout" name="gridLayout_14">
<item row="0" column="0">
<layout class="QGridLayout" name="gridLayout_13">
<item row="4" column="1" colspan="3">
<widget class="QCheckBox" name="chkShellMenu">
<property name="text">
<string>Add 'Run Sandboxed' to the explorer context menu</string>
</property>
</widget>
</item>
<item row="3" column="3">
<spacer name="horizontalSpacer_6">
<property name="orientation">
<enum>Qt::Horizontal</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>40</width>
<height>20</height>
</size>
</property>
</spacer>
</item>
<item row="12" column="1">
<spacer name="verticalSpacer_6">
<property name="orientation">
<enum>Qt::Vertical</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>20</width>
<height>40</height>
</size>
</property>
</spacer>
</item>
<item row="11" column="0">
<widget class="QLabel" name="label_18">
<property name="text">
<string>On main window close:</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
</widget>
</item>
<item row="2" column="1" colspan="3">
<widget class="QCheckBox" name="chkSvcStart">
<property name="text">
<string>Start UI when a sandboxed process is started</string>
</property>
</widget>
</item>
<item row="9" column="0">
<widget class="QLabel" name="label_21">
<property name="text">
<string>Show boxes in tray list:</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
<property name="openExternalLinks">
<bool>true</bool>
</property>
</widget>
</item>
<item row="3" column="0">
<widget class="QLabel" name="label_8">
<property name="font">
@ -252,6 +263,20 @@
</property>
</widget>
</item>
<item row="5" column="2" colspan="3">
<widget class="QCheckBox" name="chkAlwaysDefault">
<property name="text">
<string>Always use DefaultBox</string>
</property>
</widget>
</item>
<item row="6" column="2" colspan="3">
<widget class="QCheckBox" name="chkShellMenu2">
<property name="text">
<string>Add 'Run Un-Sandboxed' to the context menu</string>
</property>
</widget>
</item>
<item row="0" column="0">
<widget class="QLabel" name="label_6">
<property name="font">
@ -266,55 +291,7 @@
</property>
</widget>
</item>
<item row="1" column="1" colspan="2">
<widget class="QCheckBox" name="chkAutoStart">
<property name="text">
<string>Start UI with Windows</string>
</property>
</widget>
</item>
<item row="4" column="1" colspan="2">
<widget class="QCheckBox" name="chkShellMenu">
<property name="text">
<string>Add 'Run Sandboxed' to the explorer context menu</string>
</property>
</widget>
</item>
<item row="3" column="2">
<spacer name="horizontalSpacer_6">
<property name="orientation">
<enum>Qt::Horizontal</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>40</width>
<height>20</height>
</size>
</property>
</spacer>
</item>
<item row="2" column="1" colspan="2">
<widget class="QCheckBox" name="chkSvcStart">
<property name="text">
<string>Start UI when a sandboxed process is started</string>
</property>
</widget>
</item>
<item row="6" column="2" colspan="2">
<widget class="QCheckBox" name="chkShellMenu2">
<property name="text">
<string>Add 'Run Un-Sandboxed' to the context menu</string>
</property>
</widget>
</item>
<item row="5" column="2" colspan="2">
<widget class="QCheckBox" name="chkAlwaysDefault">
<property name="text">
<string>Always use DefaultBox</string>
</property>
</widget>
</item>
<item row="7" column="2" colspan="2">
<item row="12" column="3" colspan="2">
<spacer name="horizontalSpacer_2">
<property name="orientation">
<enum>Qt::Horizontal</enum>
@ -327,15 +304,65 @@
</property>
</spacer>
</item>
<item row="7" column="1">
<spacer name="verticalSpacer_6">
<item row="8" column="0">
<widget class="QLabel" name="label_20">
<property name="text">
<string>Show Icon in Systray:</string>
</property>
<property name="alignment">
<set>Qt::AlignRight|Qt::AlignTrailing|Qt::AlignVCenter</set>
</property>
<property name="openExternalLinks">
<bool>true</bool>
</property>
</widget>
</item>
<item row="1" column="1" colspan="3">
<widget class="QCheckBox" name="chkAutoStart">
<property name="text">
<string>Start UI with Windows</string>
</property>
</widget>
</item>
<item row="10" column="1" colspan="3">
<widget class="QCheckBox" name="chkBoxOpsNotify">
<property name="text">
<string>Show a tray notification when automatic box operations are started</string>
</property>
</widget>
</item>
<item row="7" column="0">
<widget class="QLabel" name="label_5">
<property name="font">
<font>
<weight>75</weight>
<bold>true</bold>
<kerning>true</kerning>
</font>
</property>
<property name="text">
<string>Systray options</string>
</property>
</widget>
</item>
<item row="8" column="1" colspan="2">
<widget class="QComboBox" name="cmbSysTray"/>
</item>
<item row="9" column="1" colspan="2">
<widget class="QComboBox" name="cmbTrayBoxes"/>
</item>
<item row="11" column="1" colspan="2">
<widget class="QComboBox" name="cmbOnClose"/>
</item>
<item row="3" column="2">
<spacer name="horizontalSpacer_9">
<property name="orientation">
<enum>Qt::Vertical</enum>
<enum>Qt::Horizontal</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>20</width>
<height>40</height>
<width>40</width>
<height>20</height>
</size>
</property>
</spacer>
@ -433,7 +460,7 @@
<item row="7" column="1" colspan="5">
<widget class="QCheckBox" name="chkObjCb">
<property name="text">
<string>Activate Kernel Mode Object Filtering (experimental)</string>
<string>Activate Kernel Mode Object Filtering</string>
</property>
</widget>
</item>

45
SandboxiePlus/SandMan/SandMan.cpp
View File

@ -900,6 +900,20 @@ void CSandMan::timerEvent(QTimerEvent* pEvent)
}
}
bool CSandMan::DoDeleteCmd(const CSandBoxPtr &pBox)
{
foreach(const QString& Value, pBox->GetTextList("OnBoxDelete", true, false, true)) {
QString Value2 = pBox->Expand(Value);
CSbieProgressPtr pProgress = CSbieUtils::RunCommand(Value2, true);
if (!pProgress.isNull()) {
AddAsyncOp(pProgress, true, tr("Executing OnBoxDelete: %1").arg(Value2));
if (pProgress->IsCanceled())
return false;
}
}
return true;
}
void CSandMan::OnBoxClosed(const QString& BoxName)
{
CSandBoxPtr pBox = theAPI->GetBoxByName(BoxName);
@ -913,10 +927,33 @@ void CSandMan::OnBoxClosed(const QString& BoxName)
if(!theGUI->OpenRecovery(pBox, DeleteShapshots, true)) // unless no files are found than continue silently
return;
if(theConf->GetBool("Options/AutoBoxOpsNotify", false))
OnLogMessage(tr("Auto deleting content of %1").arg(BoxName), true);
if (theConf->GetBool("Options/UseAsyncBoxOps", false))
{
auto pBoxEx = pBox.objectCast<CSandBoxPlus>();
SB_STATUS Status = pBoxEx->DeleteContentAsync(DeleteShapshots);
CheckResults(QList<SB_STATUS>() << Status);
}
else
{
if (!DoDeleteCmd(pBox))
return;
SB_PROGRESS Status;
if (!DeleteShapshots && pBox->HasSnapshots()) { // in auto delete mdoe always return to last snapshot
QString Current;
pBox->GetDefaultSnapshot(&Current);
Status = pBox->SelectSnapshot(Current);
}
else // if there are no snapshots just use the normal cleaning procedure
Status = pBox->CleanBox();
if (Status.GetStatus() == OP_ASYNC)
AddAsyncOp(Status.GetValue(), true, tr("Auto Deleting %1 content").arg(BoxName));
}
}
}
void CSandMan::OnSelectionChanged()
@ -1156,7 +1193,7 @@ void CSandMan::OnLogSbieMessage(quint32 MsgCode, const QStringList& MsgData, qui
Message = tr("The box %1 is configured to use features exclusively available to project supporters, these presets will be ignored.").arg(MsgData[1]);
Message.append(tr("<br /><a href=\"https://sandboxie-plus.com/go.php?to=sbie-get-cert\">Become a project supporter</a>, and receive a <a href=\"https://sandboxie-plus.com/go.php?to=sbie-cert\">supporter certificate</a>"));
QMessageBox msgBox;
QMessageBox msgBox(this);
msgBox.setTextFormat(Qt::RichText);
msgBox.setIcon(QMessageBox::Critical);
msgBox.setWindowTitle("Sandboxie-Plus");
@ -1206,7 +1243,7 @@ bool CSandMan::CheckCertificate()
// return false;
//}
QMessageBox msgBox;
QMessageBox msgBox(this);
msgBox.setTextFormat(Qt::RichText);
msgBox.setIcon(QMessageBox::Information);
msgBox.setWindowTitle("Sandboxie-Plus");
@ -1589,9 +1626,9 @@ void CSandMan::HandleMaintenance(SB_RESULT(void*) Status)
if (dwStatus != 0)
{
if(m_bStopPending)
QMessageBox::warning(NULL, tr("Sandboxie-Plus - Error"), tr("Failed to stop all Sandboxie components"));
QMessageBox::warning(this, tr("Sandboxie-Plus - Error"), tr("Failed to stop all Sandboxie components"));
else if(m_bConnectPending)
QMessageBox::warning(NULL, tr("Sandboxie-Plus - Error"), tr("Failed to start required Sandboxie components"));
QMessageBox::warning(this, tr("Sandboxie-Plus - Error"), tr("Failed to start required Sandboxie components"));
OnLogMessage(tr("Maintenance operation failed (%1)").arg((quint32)dwStatus));
CheckResults(QList<SB_STATUS>() << SB_ERR(dwStatus));

2
SandboxiePlus/SandMan/SandMan.h
View File

@ -38,6 +38,8 @@ public:
SB_PROGRESS RecoverFiles(const QList<QPair<QString, QString>>& FileList, int Action = 0);
bool DoDeleteCmd(const CSandBoxPtr &pBox);
bool AddAsyncOp(const CSbieProgressPtr& pProgress, bool bWait = false, const QString& InitialMsg = QString());
static QString FormatError(const SB_STATUS& Error);
static void CheckResults(QList<SB_STATUS> Results);

38
SandboxiePlus/SandMan/Views/SbieView.cpp
View File

@ -872,6 +872,17 @@ void CSbieView::OnSandBoxAction(QAction* Action)
return;
}
if (theConf->GetInt("Options/WarnOpenRegistry", -1) == -1)
{
bool State = false;
if (CCheckableMessageBox::question(this, "Sandboxie-Plus", tr("WARNING: The opened registry editor is not sand boxed, please be careful and only do changes to the pre-selected sandbox locations.")
, tr("Don't show this warning in future"), &State, QDialogButtonBox::Ok | QDialogButtonBox::Cancel, QDialogButtonBox::Yes, QMessageBox::Information) != QDialogButtonBox::Ok)
return;
if (State)
theConf->SetValue("Options/WarnOpenRegistry", 1);
}
wstring path = QCoreApplication::applicationFilePath().toStdWString();
QStringList RegRoot = SandBoxes.first()->GetRegRoot().split("\\");
@ -1020,12 +1031,39 @@ void CSbieView::OnSandBoxAction(QAction* Action)
return;
foreach(const CSandBoxPtr &pBox, SandBoxes)
{
if (theConf->GetBool("Options/UseAsyncBoxOps", false))
{
auto pBoxEx = pBox.objectCast<CSandBoxPlus>();
SB_STATUS Status = pBoxEx->DeleteContentAsync(DeleteShapshots);
if (Status.IsError())
Results.append(Status);
}
else
{
SB_STATUS Status1 = pBox->TerminateAll();
if (Status1.IsError()) {
Results.append(Status1);
continue;
}
if (!theGUI->DoDeleteCmd(pBox))
continue;
SB_PROGRESS Status;
if (!DeleteShapshots && pBox->HasSnapshots()) {
QString Default = pBox->GetDefaultSnapshot();
Status = pBox->SelectSnapshot(Default);
}
else // if there are no snapshots jut use the normal cleaning procedure
Status = pBox->CleanBox();
if (Status.GetStatus() == OP_ASYNC)
theGUI->AddAsyncOp(Status.GetValue());
else if (Status.IsError())
Results.append(Status);
}
}
}
else if (Action == m_pMenuEmptyBox)
{

18
SandboxiePlus/SandMan/Windows/OptionsAccess.cpp
View File

@ -195,18 +195,19 @@ void COptionsWindow::ParseAndAddAccessEntry(EAccessEntry EntryType, const QStrin
case eOpenPipePath: Type = eFile; Mode = eOpen4All; break;
case eClosedFilePath: Type = eFile; Mode = eClosed; break;
case eReadFilePath: Type = eFile; Mode = eReadOnly; break;
case eWriteFilePath: Type = eFile; Mode = eWriteOnly; break;
case eWriteFilePath: Type = eFile; Mode = eBoxOnly; break;
case eNormalKeyPath: Type = eKey; Mode = eNormal; break;
case eOpenKeyPath: Type = eKey; Mode = eOpen; break;
case eOpenConfPath: Type = eKey; Mode = eOpen4All;break;
case eClosedKeyPath: Type = eKey; Mode = eClosed; break;
case eReadKeyPath: Type = eKey; Mode = eReadOnly; break;
case eWriteKeyPath: Type = eKey; Mode = eWriteOnly; break;
case eWriteKeyPath: Type = eKey; Mode = eBoxOnly; break;
case eNormalIpcPath: Type = eIPC; Mode = eNormal; break;
case eOpenIpcPath: Type = eIPC; Mode = eOpen; break;
case eClosedIpcPath: Type = eIPC; Mode = eClosed; break;
case eReadIpcPath: Type = eIPC; Mode = eReadOnly; break;
case eOpenWinClass: Type = eWnd; Mode = eOpen; break;
@ -243,7 +244,7 @@ QString COptionsWindow::GetAccessModeStr(EAccessMode Mode)
case eClosed: return tr("Closed");
case eClosedRT: return tr("Closed RT");
case eReadOnly: return tr("Read Only");
case eWriteOnly: return tr("Boxed Only");
case eBoxOnly: return tr("Box Only (Write Only)");
}
return tr("Unknown");
}
@ -328,7 +329,7 @@ QString COptionsWindow::MakeAccessStr(EAccessType Type, EAccessMode Mode)
case eOpen4All: return "OpenPipePath";
case eClosed: return "ClosedFilePath";
case eReadOnly: return "ReadFilePath";
case eWriteOnly: return "WriteFilePath";
case eBoxOnly: return "WriteFilePath";
}
break;
case eKey:
@ -339,7 +340,7 @@ QString COptionsWindow::MakeAccessStr(EAccessType Type, EAccessMode Mode)
case eOpen4All: return "OpenConfPath";
case eClosed: return "ClosedKeyPath";
case eReadOnly: return "ReadKeyPath";
case eWriteOnly: return "WriteKeyPath";
case eBoxOnly: return "WriteKeyPath";
}
break;
case eIPC:
@ -348,6 +349,7 @@ QString COptionsWindow::MakeAccessStr(EAccessType Type, EAccessMode Mode)
case eNormal: return "NormalIpcPath";
case eOpen: return "OpenIpcPath";
case eClosed: return "ClosedIpcPath";
case eReadOnly: return "ReadIpcPath";
}
break;
case eWnd:
@ -448,8 +450,8 @@ QList<COptionsWindow::EAccessMode> COptionsWindow::GetAccessModes(EAccessType Ty
{
switch (Type)
{
case eFile: return QList<EAccessMode>() << eNormal << eOpen << eOpen4All << eClosed << eReadOnly << eWriteOnly;
case eKey: return QList<EAccessMode>() << eNormal << eOpen << eOpen4All << eClosed << eReadOnly << eWriteOnly;
case eFile: return QList<EAccessMode>() << eNormal << eOpen << eOpen4All << eClosed << eReadOnly << eBoxOnly;
case eKey: return QList<EAccessMode>() << eNormal << eOpen << eOpen4All << eClosed << eReadOnly << eBoxOnly;
case eIPC: return QList<EAccessMode>() << eNormal << eOpen << eClosed;
case eWnd: return QList<EAccessMode>() << eOpen;
case eCOM: return QList<EAccessMode>() << eOpen << eClosed << eClosedRT;
@ -556,7 +558,7 @@ void COptionsWindow::SaveAccessList()
QStringList Keys = QStringList()
<< "NormalFilePath" << "OpenFilePath" << "OpenPipePath" << "ClosedFilePath" << "ReadFilePath" << "WriteFilePath"
<< "NormalKeyPath" << "OpenKeyPath" << "OpenConfPath" << "ClosedKeyPath" << "ReadKeyPath" << "WriteKeyPath"
<< "NormalIpcPath"<< "OpenIpcPath" << "ClosedIpcPath" << "OpenWinClass" << "OpenClsid" << "ClosedClsid" << "ClosedRT";
<< "NormalIpcPath"<< "OpenIpcPath" << "ClosedIpcPath" << "ReadIpcPath" << "OpenWinClass" << "OpenClsid" << "ClosedClsid" << "ClosedRT";
QMap<QString, QList<QString>> AccessMap;
for (int i = 0; i < ui.treeAccess->topLevelItemCount(); i++)

3
SandboxiePlus/SandMan/Windows/OptionsWindow.h
View File

@ -202,6 +202,7 @@ protected:
eNormalIpcPath,
eOpenIpcPath,
eClosedIpcPath,
eReadIpcPath,
eOpenWinClass,
@ -229,7 +230,7 @@ protected:
eClosed,
eClosedRT,
eReadOnly,
eWriteOnly
eBoxOnly
};
enum ETriggerAction {

10
SandboxiePlus/SandMan/Windows/SettingsWindow.cpp
View File

@ -130,7 +130,7 @@ CSettingsWindow::CSettingsWindow(QWidget *parent)
m_FeaturesChanged = false;
connect(ui.chkWFP, SIGNAL(stateChanged(int)), this, SLOT(OnFeaturesChanged()));
connect(ui.chkObjCb, SIGNAL(stateChanged(int)), this, SLOT(OnFeaturesChanged()));
connect(ui.chkWin32k, SIGNAL(stateChanged(int)), this, SLOT(OnFeaturesChanged()));
//connect(ui.chkWin32k, SIGNAL(stateChanged(int)), this, SLOT(OnFeaturesChanged()));
m_WarnProgsChanged = false;
@ -218,7 +218,7 @@ Qt::CheckState CSettingsWindow__IsContextMenu()
void CSettingsWindow__AddContextMenu()
{
CSbieUtils::AddContextMenu(QApplication::applicationDirPath().replace("/", "\\") + "\\SandMan.exe",
CSettingsWindow::tr("Run &Sandboxed"), CSettingsWindow::tr("Explore &Sandboxed"),
CSettingsWindow::tr("Run &Sandboxed"), //CSettingsWindow::tr("Explore &Sandboxed"),
QApplication::applicationDirPath().replace("/", "\\") + "\\Start.exe");
}
@ -253,6 +253,7 @@ void CSettingsWindow::LoadSettings()
ui.chkShowRecovery->setChecked(theConf->GetBool("Options/ShowRecovery", false));
ui.chkNotifyRecovery->setChecked(!theConf->GetBool("Options/InstantRecovery", true));
ui.chkAsyncBoxOps->setChecked(theConf->GetBool("Options/UseAsyncBoxOps", false));
ui.chkPanic->setChecked(theConf->GetBool("Options/EnablePanicKey", false));
ui.keyPanic->setKeySequence(QKeySequence(theConf->GetString("Options/PanicKeySequence", "Shift+Pause")));
@ -262,6 +263,7 @@ void CSettingsWindow::LoadSettings()
ui.cmbSysTray->setCurrentIndex(theConf->GetInt("Options/SysTrayIcon", 1));
ui.cmbTrayBoxes->setCurrentIndex(theConf->GetInt("Options/SysTrayFilter", 0));
ui.chkBoxOpsNotify->setChecked(theConf->GetBool("Options/AutoBoxOpsNotify", false));
ui.cmbOnClose->setCurrentIndex(ui.cmbOnClose->findData(theConf->GetString("Options/OnClose", "ToTray")));
@ -277,7 +279,7 @@ void CSettingsWindow::LoadSettings()
ui.ipcRoot->setText(theAPI->GetGlobalSettings()->GetText("IpcRootPath", IpcRootPath_Default));
ui.chkWFP->setChecked(theAPI->GetGlobalSettings()->GetBool("NetworkEnableWFP", false));
ui.chkObjCb->setChecked(theAPI->GetGlobalSettings()->GetBool("EnableObjectFiltering", false));
ui.chkObjCb->setChecked(theAPI->GetGlobalSettings()->GetBool("EnableObjectFiltering", true));
ui.chkWin32k->setChecked(theAPI->GetGlobalSettings()->GetBool("EnableWin32kHooks", true));
ui.chkAdminOnly->setChecked(theAPI->GetGlobalSettings()->GetBool("EditAdminOnly", false));
@ -406,6 +408,7 @@ void CSettingsWindow::SaveSettings()
theConf->SetValue("Options/ShowRecovery", ui.chkShowRecovery->isChecked());
theConf->SetValue("Options/InstantRecovery", !ui.chkNotifyRecovery->isChecked());
theConf->SetValue("Options/UseAsyncBoxOps", ui.chkAsyncBoxOps->isChecked());
theConf->SetValue("Options/EnablePanicKey", ui.chkPanic->isChecked());
theConf->SetValue("Options/PanicKeySequence", ui.keyPanic->keySequence().toString());
@ -414,6 +417,7 @@ void CSettingsWindow::SaveSettings()
theConf->SetValue("Options/SysTrayIcon", ui.cmbSysTray->currentIndex());
theConf->SetValue("Options/SysTrayFilter", ui.cmbTrayBoxes->currentIndex());
theConf->SetValue("Options/AutoBoxOpsNotify", ui.chkBoxOpsNotify->isChecked());
theConf->SetValue("Options/OnClose", ui.cmbOnClose->currentData());