Sandboxie/SandboxiePlus/SandMan/Wizards/NewBoxWizard.cpp

800 lines
34 KiB
C++

#include "stdafx.h"
#include "NewBoxWizard.h"
#include "../MiscHelpers/Common/Common.h"
#include "../Windows/SettingsWindow.h"
#include "../SandMan.h"
#include "Helpers/WinAdmin.h"
#include <QButtonGroup>
#include "../QSbieAPI/SbieUtils.h"
#include "../Views/SbieView.h"
#include "../MiscHelpers/Common/CheckableMessageBox.h"
#include "../Windows/BoxImageWindow.h"
#include "../AddonManager.h"
CNewBoxWizard::CNewBoxWizard(bool bAlowTemp, QWidget *parent)
: QWizard(parent)
{
setPage(Page_Type, new CBoxTypePage(bAlowTemp));
setPage(Page_Files, new CFilesPage);
setPage(Page_Advanced, new CAdvancedPage);
setPage(Page_Summary, new CSummaryPage);
m_bAdvanced = false;
setWizardStyle(ModernStyle);
//setOption(HaveHelpButton, true);
setPixmap(QWizard::LogoPixmap, QPixmap(":/SandMan.png").scaled(64, 64, Qt::KeepAspectRatio, Qt::SmoothTransformation));
connect(this, &QWizard::helpRequested, this, &CNewBoxWizard::showHelp);
setWindowTitle(tr("New Box Wizard"));
setMinimumWidth(600 * theConf->GetInt("Options/FontScaling", 100) / 100);
}
void CNewBoxWizard::showHelp()
{
}
QString CNewBoxWizard::CreateNewBox(bool bAlowTemp, QWidget* pParent)
{
CNewBoxWizard wizard(bAlowTemp, pParent);
if (!theGUI->SafeExec(&wizard))
return QString();
QString BoxName = wizard.field("boxName").toString();
BoxName.replace(" ", "_");
return BoxName;
}
SB_STATUS CNewBoxWizard::TryToCreateBox()
{
QString BoxName = field("boxName").toString();
BoxName.replace(" ", "_");
int BoxType = field("boxType").toInt();
QString Password;
quint64 ImageSize = 0;
if (BoxType == CSandBoxPlus::ePrivate) {
CBoxImageWindow window(CBoxImageWindow::eNew, this);
if (theGUI->SafeExec(&window) == 1) {
Password = window.GetPassword();
ImageSize = window.GetImageSize();
if (theConf->GetBool("Options/WarnBoxCrypto", true)) {
bool State = false;
if(CCheckableMessageBox::question(this, "Sandboxie-Plus",
tr("This sandbox content will be placed in an encrypted container file, "
"please note that any corruption of the container's header will render all its content permanently inaccessible. "
"Corruption can occur as a result of a BSOD, a storage hardware failure, or a malicious application overwriting random files. "
"This feature is provided under a strict <b>No Backup No Mercy</b> policy, YOU the user are responsible for the data you put into an encrypted box. "
"<br /><br />"
"IF YOU AGREE TO TAKE FULL RESPONSIBILITY FOR YOUR DATA PRESS [YES], OTHERWISE PRESS [NO].")
, tr("Don't show this message again."), &State, QDialogButtonBox::Yes | QDialogButtonBox::No, QDialogButtonBox::No, QMessageBox::Warning) != QDialogButtonBox::Yes)
return SB_ERR(SB_Canceled);
if (State)
theConf->SetValue("Options/WarnBoxCrypto", false);
}
}
else
return SB_ERR(SB_Canceled);
}
SB_STATUS Status = theAPI->CreateBox(BoxName, true);
if (!Status.IsError())
{
CSandBoxPtr pBox = theAPI->GetBoxByName(BoxName);
switch (BoxType)
{
case CSandBoxPlus::eHardenedPlus:
pBox->SetBool("UsePrivacyMode", true);
case CSandBoxPlus::eHardened:
pBox->SetBool("UseSecurityMode", true);
break;
case CSandBoxPlus::eDefaultPlus:
pBox->SetBool("UsePrivacyMode", true);
case CSandBoxPlus::eDefault:
break;
case CSandBoxPlus::eAppBoxPlus:
pBox->SetBool("UsePrivacyMode", true);
case CSandBoxPlus::eAppBox:
pBox->SetBool("NoSecurityIsolation", true);
//pBox->InsertText("Template", "NoUACProxy"); // proxy is always needed for exes in the box
pBox->InsertText("Template", "RpcPortBindingsExt");
break;
case CSandBoxPlus::ePrivate: {
pBox->SetBool("UseFileImage", true);
pBox->SetBool("ConfidentialBox", true);
break;
}
}
QRgb rgb = theGUI->GetBoxColor(BoxType);
pBox->SetText("BorderColor", QString("#%1%2%3").arg(qBlue(rgb), 2, 16, QChar('0')).arg(qGreen(rgb), 2, 16, QChar('0')).arg(qRed(rgb), 2, 16, QChar('0')) + ",ttl");
QString Location = field("boxLocation").toString();
if (!Location.isEmpty())
pBox->SetText("FileRootPath", Location);
if (field("boxVersion").toInt() == 1) {
pBox->SetBool("UseFileDeleteV2", true);
pBox->SetBool("UseRegDeleteV2", true);
}
if(!field("separateUser").toBool())
pBox->SetBool("SeparateUserFolders", false);
if(field("useVolumeSN").toBool())
pBox->SetBool("UseVolumeSerialNumbers", true);
if (field("autoRemove").toBool()) {
pBox->SetBool("AutoDelete", true);
pBox->SetBool("AutoRemove", true);
}
else if(field("autoDelete").toBool())
pBox->SetBool("AutoDelete", true);
if(field("autoRecover").toBool())
pBox->SetBool("AutoRecover", true);
if (field("blockNetwork").toInt() == 1) { // device based
//pBox->InsertText("AllowNetworkAccess", "<BlockNetAccess>,n");
pBox->InsertText("ClosedFilePath", "!<InternetAccess>,InternetAccessDevices");
//pBox->InsertText("ClosedFilePath", "<BlockNetDevices>,InternetAccessDevices");
}
else if (field("blockNetwork").toInt() == 2) { // using WFP
pBox->InsertText("AllowNetworkAccess", "!<InternetAccess>,n");
//pBox->InsertText("AllowNetworkAccess", "<BlockNetAccess>,n");
//pBox->InsertText("ClosedFilePath", "<BlockNetDevices>,InternetAccessDevices");
}
pBox->SetBool("BlockNetworkFiles", !field("shareAccess").toBool());
if (field("fakeAdmin").toBool()) {
pBox->SetBool("DropAdminRights", true);
pBox->SetBool("FakeAdminRights", true);
}
if(field("msiServer").toBool())
pBox->SetBool("MsiInstallerExemptions", true);
if(field("boxToken").toBool())
pBox->SetBool("SandboxieLogon", true);
if(field("imagesProtection").toBool())
pBox->SetBool("ProtectHostImages", true);
if (!Password.isEmpty())
pBox->ImBoxCreate(ImageSize / 1024, Password);
if (field("boxVersion").toInt() == 1) {
if (theConf->GetBool("Options/WarnDeleteV2", true)) {
bool State = false;
CCheckableMessageBox::question(this, "Sandboxie-Plus",
tr("The new sandbox has been created using the new <a href=\"https://sandboxie-plus.com/go.php?to=sbie-delete-v2\">Virtualization Scheme Version 2</a>, if you experience any unexpected issues with this box,"
" please switch to the Virtualization Scheme to Version 1 and report the issue,"
" the option to change this preset can be found in the Box Options in the Box Structure group.")
, tr("Don't show this message again."), &State, QDialogButtonBox::Ok, QDialogButtonBox::Ok, QMessageBox::Information);
if (State)
theConf->SetValue("Options/WarnDeleteV2", false);
}
}
}
return Status;
}
QString CNewBoxWizard::GetDefaultLocation()
{
QString DefaultPath = theAPI->GetGlobalSettings()->GetText("FileRootPath", "\\??\\%SystemDrive%\\Sandbox\\%USER%\\%SANDBOX%", false, false);
// HACK HACK: globally %SANDBOX% evaluates to GlobalSettings
DefaultPath.replace("\\GlobalSettings", "\\" + field("boxName").toString().replace(" ", "_"));
return theAPI->Nt2DosPath(DefaultPath);
}
//////////////////////////////////////////////////////////////////////////////////////////
// CBoxTypePage
//
CBoxTypePage::CBoxTypePage(bool bAlowTemp, QWidget *parent)
: QWizardPage(parent)
{
setTitle(tr("Create new Sandbox"));
QPixmap Logo = QPixmap(theGUI->m_DarkTheme ? ":/SideLogoDM.png" : ":/SideLogo.png");
int Scaling = theConf->GetInt("Options/FontScaling", 100);
if(Scaling != 100) Logo = Logo.scaled(Logo.width() * Scaling / 100, Logo.height() * Scaling / 100);
setPixmap(QWizard::WatermarkPixmap, Logo);
m_bInstant = theConf->GetBool("Options/InstantBoxWizard", false);
int row = 0;
QGridLayout *layout = new QGridLayout;
#ifndef USE_COMBO
layout->setSpacing(2);
QLabel* pTopLabel = new QLabel(tr("A sandbox isolates your host system from processes running within the box, "
"it prevents them from making permanent changes to other programs and data in your computer. "));
#else
QLabel* pTopLabel = new QLabel(tr("A sandbox isolates your host system from processes running within the box, "
"it prevents them from making permanent changes to other programs and data in your computer. "
"The level of isolation impacts your security as well as the compatibility with applications, "
"hence there will be a different level of isolation depending on the selected Box Type. "
"Sandboxie can also protect your personal data from being accessed by processes running under its supervision."));
#endif
pTopLabel->setWordWrap(true);
layout->addWidget(pTopLabel, row++ , 0, 1, 3);
layout->addItem(new QSpacerItem(0, 3), row++, 0);
layout->addWidget(new QLabel(tr("Enter box name:")), row++, 0);
m_pBoxName = new QLineEdit();
m_pBoxName->setMaxLength(32); // BOXNAME_COUNT
m_pBoxName->setText(theAPI->MkNewName("New Box"));
m_pBoxName->setFocus();
layout->addWidget(m_pBoxName, row++, 1, 1, 2);
registerField("boxName", m_pBoxName);
/*QLabel* pMore = new QLabel(tr("<a href=\"more\">More Types</a>"));
pMore->setAlignment(Qt::AlignRight);
connect(pMore, SIGNAL(linkActivated(const QString&)), this, SLOT(SnowMore()));
layout->addWidget(pMore, row, 2);*/
layout->addWidget(new QLabel(tr("Select box type:")), row++, 0);
#ifndef USE_COMBO
m_TypeGroup = new QButtonGroup();
auto AddBoxType = [&](const QString& label, int Type, const QString& tip = QString(), bool bCheck = false) {
QWidget* pW = bCheck ? (QWidget*)new QCheckBox() : (QWidget*)new QRadioButton();
if (theGUI->m_DarkTheme) {
QPalette palette = QApplication::palette();
palette.setColor(QPalette::Base, Qt::white);
palette.setColor(QPalette::Text, Qt::black);
pW->setPalette(palette);
}
pW->setToolTip(tip);
if(!bCheck) m_TypeGroup->addButton((QRadioButton*)pW, Type);
QHBoxLayout* pLayout = new QHBoxLayout();
pLayout->setContentsMargins(0,0,0,0);
pLayout->setSpacing(4);
pW->setSizePolicy(QSizePolicy(QSizePolicy::Fixed, QSizePolicy::Fixed));
pLayout->addWidget(pW);
QLabel* pLabel = new QLabel(label);
pLabel->setToolTip(tip);
pLayout->addWidget(pLabel);
connect(pLabel, SIGNAL(linkActivated(const QString&)), theGUI, SLOT(OpenUrl(const QString&)));
pW = new QWidget();
pW->setLayout(pLayout);
layout->addWidget(pW, row, 1, 1, 2);
if (Type != -1) {
QLabel* pIcon = new QLabel();
pIcon->setPixmap(theGUI->GetBoxIcon(Type).pixmap(16, 16));
pIcon->setAlignment(Qt::AlignRight);
pIcon->setContentsMargins(0, 2, 4, 0);
pIcon->setToolTip(tip);
layout->addWidget(pIcon, row, 0);
}
row++;
//return qMakePair(pW, pIcon);
};
AddBoxType(tr("<a href=\"sbie://docs/security-mode\">Security Hardened</a> Sandbox with <a href=\"sbie://docs/privacy-mode\">Data Protection</a>"), (int)CSandBoxPlus::eHardenedPlus,
tr("This box type offers the highest level of protection by significantly reducing the attack surface exposed to sandboxed processes. \n"
"It strictly limits access to user data, allowing processes within this box to only access C:\\Windows and C:\\Program Files directories. \n"
"The entire user profile remains hidden, ensuring maximum security."));
AddBoxType(tr("<a href=\"sbie://docs/security-mode\">Security Hardened</a> Sandbox"), (int)CSandBoxPlus::eHardened,
tr("This box type offers the highest level of protection by significantly reducing the attack surface exposed to sandboxed processes."));
AddBoxType(tr("Sandbox with <a href=\"sbie://docs/privacy-mode\">Data Protection</a>"), (int)CSandBoxPlus::eDefaultPlus,
tr("In this box type, sandboxed processes are prevented from accessing any personal user files or data. The focus is on protecting user data, and as such, \n"
"only C:\\Windows and C:\\Program Files directories are accessible to processes running within this sandbox. This ensures that personal files remain secure."));
AddBoxType(tr("Standard Sandbox"), (int)CSandBoxPlus::eDefault,
tr("This box type offers the default behavior of Sandboxie classic. It provides users with a familiar and reliable sandboxing scheme. \n"
"Applications can be run within this sandbox, ensuring they operate within a controlled and isolated space."));
AddBoxType(tr("<a href=\"sbie://docs/compartment-mode\">Application Compartment</a> Box with <a href=\"sbie://docs/privacy-mode\">Data Protection</a>"), (int)CSandBoxPlus::eAppBoxPlus,
tr("This box type prioritizes compatibility while still providing a good level of isolation. It is designed for running trusted applications within separate compartments. \n"
"While the level of isolation is reduced compared to other box types, it offers improved compatibility with a wide range of applications, ensuring smooth operation within the sandboxed environment."));
AddBoxType(tr("<a href=\"sbie://docs/compartment-mode\">Application Compartment</a> Box"), (int)CSandBoxPlus::eAppBox,
tr("This box type prioritizes compatibility while still providing a good level of isolation. It is designed for running trusted applications within separate compartments. \n"
"While the level of isolation is reduced compared to other box types, it offers improved compatibility with a wide range of applications, ensuring smooth operation within the sandboxed environment."));
AddBoxType(tr("<a href=\"sbie://docs/boxencryption\">Encrypted</a> <a href=\"sbie://docs/black-box\">Confidential</a> Box"), (int)CSandBoxPlus::ePrivate,
tr("In this box type the sandbox uses an encrypted disk image as its root folder. This provides an additional layer of privacy and security. \n"
"Access to the virtual disk when mounted is restricted to programs running within the sandbox. Sandboxie prevents other processes on the host system from accessing the sandboxed processes. \n"
"This ensures the utmost level of privacy and data protection within the confidential sandbox environment."));//, true);
connect(m_TypeGroup, SIGNAL(buttonClicked(QAbstractButton*)), this, SIGNAL(typeChanged()));
registerField("boxType", this, "currentType", "typeChanged");
connect(m_TypeGroup, SIGNAL(buttonClicked(QAbstractButton*)), this, SLOT(OnBoxTypChanged()));
//QCheckBox* pMore = new QCheckBox(tr("Show More Types"));
//layout->addWidget(pMore, 4, 3);
//connect(pMore, &QCheckBox::toggled, [=](bool bValue) {
// ...
// });
#else
bool bAll = true;
m_pBoxType = new QComboBox();
m_pBoxType->addItem(theGUI->GetBoxIcon(CSandBoxPlus::eHardenedPlus), tr("Hardened Sandbox with Data Protection"), (int)CSandBoxPlus::eHardenedPlus);
if (bAll) m_pBoxType->addItem(theGUI->GetBoxIcon(CSandBoxPlus::eHardened), tr("Security Hardened Sandbox"), (int)CSandBoxPlus::eHardened);
m_pBoxType->addItem(theGUI->GetBoxIcon(CSandBoxPlus::eDefaultPlus), tr("Sandbox with Data Protection"), (int)CSandBoxPlus::eDefaultPlus);
m_pBoxType->addItem(theGUI->GetBoxIcon(CSandBoxPlus::eDefault), tr("Standard Isolation Sandbox (Default)"), (int)CSandBoxPlus::eDefault);
//m_pBoxType->addItem(theGUI->GetBoxIcon(CSandBoxPlus::eInsecure), tr("INSECURE Configuration (please change)"), (int)CSandBoxPlus::eInsecure);
if (bAll) m_pBoxType->addItem(theGUI->GetBoxIcon(CSandBoxPlus::eAppBoxPlus), tr("Application Compartment with Data Protection"), (int)CSandBoxPlus::eAppBoxPlus);
m_pBoxType->addItem(theGUI->GetBoxIcon(CSandBoxPlus::eAppBox), tr("Application Compartment Box"), (int)CSandBoxPlus::eAppBox);
m_pBoxType->addItem(theGUI->GetBoxIcon(CSandBoxPlus::ePrivate), tr("Confidential Encrypted Box"), (int)CSandBoxPlus::ePrivate);
connect(m_pBoxType, SIGNAL(currentIndexChanged(int)), this, SLOT(OnBoxTypChanged()));
layout->addWidget(m_pBoxType, row++, 1, 1, 2);
registerField("boxType", m_pBoxType, "currentData", "currentIndexChanged");
m_pInfoLabel = new QLabel();
m_pInfoLabel->setWordWrap(true);
//m_pInfoLabel->setOpenExternalLinks(true);
connect(m_pInfoLabel, SIGNAL(linkActivated(const QString&)), theGUI, SLOT(OpenUrl(const QString&)));
layout->addWidget(m_pInfoLabel, row++, 0, 1, 3);
m_pBoxType->setCurrentIndex(3); // default
#endif
QWidget* pSpacer = new QWidget();
pSpacer->setSizePolicy(QSizePolicy::Expanding, QSizePolicy::Expanding);
layout->addWidget(pSpacer, row++, 1);
QCheckBox* pTemp = new QCheckBox(tr("Remove after use"));
pTemp->setToolTip(tr("After the last process in the box terminates, all data in the box will be deleted and the box itself will be removed."));
layout->addWidget(pTemp, row, 0, 1, 2);
pTemp->setVisible(bAlowTemp);
registerField("autoRemove", pTemp);
m_pAdvanced = new QCheckBox(tr("Configure advanced options"));
if (theGUI->m_DarkTheme) {
QPalette palette = QApplication::palette();
palette.setColor(QPalette::Base, Qt::white);
palette.setColor(QPalette::Text, Qt::black);
m_pAdvanced->setPalette(palette);
}
m_pAdvanced->setChecked(theConf->GetBool("Options/AdvancedBoxWizard", false));
layout->addWidget(m_pAdvanced, row++, 2, 1, 1);
connect(m_pAdvanced, SIGNAL(toggled(bool)), this, SLOT(OnAdvanced()));
setLayout(layout);
}
void CBoxTypePage::setCurrentType(int type)
{
if(m_TypeGroup->buttons().count() < type)
m_TypeGroup->button(type)->setChecked(true);
}
int CBoxTypePage::currentType()
{
return m_TypeGroup->checkedId();
}
void CBoxTypePage::OnBoxTypChanged()
{
#ifndef USE_COMBO
int BoxType = m_TypeGroup->checkedId();
#else
int BoxType = m_pBoxType->currentData().toInt();
m_pInfoLabel->setText(theGUI->GetBoxDescription(BoxType));
#endif
if(BoxType != CSandBoxPlus::eDefault)
theGUI->CheckCertificate(this, BoxType == CSandBoxPlus::ePrivate);
emit completeChanged();
}
void CBoxTypePage::OnAdvanced()
{
((CNewBoxWizard*)wizard())->m_bAdvanced = m_pAdvanced->isChecked();
if (m_bInstant)
{
QString BoxName = m_pBoxName->text();
#ifdef USE_COMBO
int BoxType = m_pBoxType->currentIndex();
#endif
wizard()->restart();
m_pBoxName->setText(BoxName);
#ifdef USE_COMBO
m_pBoxType->setCurrentIndex(BoxType);
#endif
}
}
int CBoxTypePage::nextId() const
{
if (!m_pAdvanced->isChecked()) {
if(m_bInstant)
return -1;
return CNewBoxWizard::Page_Summary;
}
return CNewBoxWizard::Page_Files;
}
bool CBoxTypePage::isComplete() const
{
#ifndef USE_COMBO
if (m_TypeGroup->checkedId() == -1)
return false;
#endif
return true;
}
bool CBoxTypePage::validatePage()
{
QString BoxName = field("boxName").toString();
if (!theGUI->GetBoxView()->TestNameAndWarn(BoxName))
return false;
#ifndef USE_COMBO
int BoxType = m_TypeGroup->checkedId();
#else
int BoxType = m_pBoxType->currentData().toInt();
#endif
if ((BoxType == CSandBoxPlus::ePrivate || BoxType == CSandBoxPlus::ePrivatePlus) && !theGUI->IsImDiskReady()) {
theGUI->GetAddonManager()->TryInstallAddon("ImDisk", this, tr("To use encrypted boxes you need to install the ImDisk driver, do you want to download and install it?"));
return false;
}
if (m_bInstant && !m_pAdvanced->isChecked())
return !((CNewBoxWizard*)wizard())->TryToCreateBox().IsError();
return true;
}
//////////////////////////////////////////////////////////////////////////////////////////
// CFilesPage
//
CFilesPage::CFilesPage(QWidget *parent)
: QWizardPage(parent)
{
setTitle(tr("Sandbox location and behavior"));
setSubTitle(tr("On this page the sandbox location and its behavior can be customized.\nYou can use %USER% to save each users sandbox to an own folder."));
int row = 0;
QGridLayout *layout = new QGridLayout;
QLabel* pFileLabel = new QLabel(tr("Sandboxed Files"), this);
QFont fnt = pFileLabel->font();
fnt.setBold(true);
//fnt.setWeight(QFont::DemiBold);
pFileLabel->setFont(fnt);
layout->addWidget(pFileLabel, row++, 0);
layout->addItem(new QSpacerItem(40, 20, QSizePolicy::Expanding, QSizePolicy::Minimum), 0, 2, 1, 1);
// Location
QLineEdit* pDummy = new QLineEdit();
pDummy->setVisible(false);
layout->addWidget(pDummy, row, 0);
registerField("boxLocation", pDummy);
QHBoxLayout* pLayout = new QHBoxLayout();
pLayout->setContentsMargins(0,0,0,0);
m_pBoxLocation = new QComboBox();
m_pBoxLocation->setEditable(true);
pLayout->addWidget(m_pBoxLocation);
QPushButton* pButton = new QPushButton("...");
pButton->setMaximumWidth(25);
connect(pButton, &QPushButton::clicked, [&]() {
QString FilePath = QFileDialog::getExistingDirectory(this, tr("Select Directory"));
if (!FilePath.isEmpty())
this->m_pBoxLocation->setCurrentText(FilePath.replace("/", "\\"));
});
pLayout->addWidget(pButton);
layout->addLayout(pLayout, row++, 1, 1, 3);
//
QLabel* pVersionLbl = new QLabel(tr("Virtualization scheme"), this);
layout->addWidget(pVersionLbl, row, 1);
QComboBox* pVersion = new QComboBox();
pVersion->addItem(tr("Version 1"));
pVersion->addItem(tr("Version 2"));
layout->addWidget(pVersion, row++, 2);
pVersion->setCurrentIndex(theConf->GetInt("BoxDefaults/BoxScheme", 2) - 1); // V2 default
layout->addItem(new QSpacerItem(40, 20, QSizePolicy::Expanding, QSizePolicy::Minimum), 0, 3, 1, 1);
registerField("boxVersion", pVersion);
QCheckBox* pUserFolders = new QCheckBox(tr("Separate user folders"));
pUserFolders->setChecked(theConf->GetBool("BoxDefaults/SeparateUser", true));
layout->addWidget(pUserFolders, row++, 2, 1, 2);
registerField("separateUser", pUserFolders);
QCheckBox* pUseVolumeSN = new QCheckBox(tr("Use volume serial numbers for drives"));
pUseVolumeSN->setChecked(theConf->GetBool("BoxDefaults/UseVolumeSN", false));
layout->addWidget(pUseVolumeSN, row++, 2, 1, 2);
registerField("useVolumeSN", pUseVolumeSN);
QCheckBox* pAutoDelete = new QCheckBox(tr("Auto delete content when last process terminates"));
pAutoDelete->setChecked(theConf->GetBool("BoxDefaults/AutoDelete", false));
layout->addWidget(pAutoDelete, row++, 1, 1, 3);
if (field("autoRemove").toBool())
pAutoDelete->setEnabled(false);
registerField("autoDelete", pAutoDelete);
QCheckBox* pAutoRecover = new QCheckBox(tr("Enable Immediate Recovery of files from recovery locations"));
pAutoRecover->setChecked(theConf->GetBool("BoxDefaults/AutoRecover", true));
layout->addWidget(pAutoRecover, row++, 1, 1, 3);
registerField("autoRecover", pAutoRecover);
setLayout(layout);
int size = 16.0;
#if QT_VERSION < QT_VERSION_CHECK(6, 0, 0)
size *= (QApplication::desktop()->logicalDpiX() / 96.0); // todo Qt6
#endif
AddIconToLabel(pFileLabel, CSandMan::GetIcon("Folder").pixmap(size,size));
}
int CFilesPage::nextId() const
{
return CNewBoxWizard::Page_Advanced;
}
void CFilesPage::initializePage()
{
m_pBoxLocation->clear();
QString Location = theAPI->GetGlobalSettings()->GetText("FileRootPath", "\\??\\%SystemDrive%\\Sandbox\\%USER%\\%SANDBOX%");
m_pBoxLocation->addItem(Location/*.replace("%SANDBOX%", field("boxName").toString())*/);
}
bool CFilesPage::validatePage()
{
QString Location = m_pBoxLocation->currentText();
if (Location == m_pBoxLocation->itemText(0))
wizard()->setField("boxLocation", "");
else {
if (Location.mid(2).contains(QRegularExpression("[ <>:\"/\\|?*\\[\\]]"))){
QMessageBox::critical(this, "Sandboxie-Plus", tr("The selected box location is not a valid path."));
return false;
}
QDir Dir(Location);
if (Dir.exists() && !Dir.entryList(QDir::NoDotAndDotDot | QDir::AllEntries).isEmpty()) {
if(QMessageBox::warning(this, "Sandboxie-Plus", tr("The selected box location exists and is not empty, it is recommended to pick a new or empty folder. "
"Are you sure you want to use an existing folder?"), QDialogButtonBox::Yes, QDialogButtonBox::No) != QDialogButtonBox::Yes)
return false;
}
if (!QDir().exists(Location.left(3))) {
QMessageBox::critical(this, "Sandboxie-Plus", tr("The selected box location is not placed on a currently available drive."));
return false;
}
wizard()->setField("boxLocation", Location);
}
return true;
}
//////////////////////////////////////////////////////////////////////////////////////////
// CAdvancedPage
//
CAdvancedPage::CAdvancedPage(QWidget *parent)
: QWizardPage(parent)
{
setTitle(tr("Advanced Sandbox options"));
setSubTitle(tr("On this page advanced sandbox options can be configured."));
int row = 0;
QGridLayout *layout = new QGridLayout;
QLabel* pNetLabel = new QLabel(tr("Network Access"), this);
QFont fnt = pNetLabel->font();
fnt.setBold(true);
//fnt.setWeight(QFont::DemiBold);
pNetLabel->setFont(fnt);
layout->addWidget(pNetLabel, row++, 0);
QComboBox* pNetAccess = new QComboBox();
pNetAccess->addItem(tr("Allow network/internet access"));
pNetAccess->addItem(tr("Block network/internet by denying access to Network devices"));
if (theGUI->IsWFPEnabled())
pNetAccess->addItem(tr("Block network/internet using Windows Filtering Platform"));
pNetAccess->setCurrentIndex(theConf->GetInt("BoxDefaults/BlockNetwork", 0));
layout->addWidget(pNetAccess, row++, 1, 1, 3);
registerField("blockNetwork", pNetAccess);
m_pShareAccess = new QCheckBox(tr("Allow access to network files and folders"));
m_pShareAccess->setToolTip(tr("This option is not recommended for Hardened boxes"));
m_pShareAccess->setChecked(theConf->GetBool("BoxDefaults/ShareAccess", false));
layout->addWidget(m_pShareAccess, row++, 1, 1, 3);
registerField("shareAccess", m_pShareAccess);
QLabel* pAdminLabel = new QLabel(tr("Admin Options"), this);
pAdminLabel->setFont(fnt);
layout->addWidget(pAdminLabel, row++, 0);
QCheckBox* pFakeAdmin = new QCheckBox(tr("Make applications think they are running elevated"));
pFakeAdmin->setChecked(theConf->GetBool("BoxDefaults/FakeAdmin", false));
layout->addWidget(pFakeAdmin, row++, 1, 1, 3);
registerField("fakeAdmin", pFakeAdmin);
m_pMSIServer = new QCheckBox(tr("Allow MSIServer to run with a sandboxed system token"));
m_pMSIServer->setToolTip(tr("This option is not recommended for Hardened boxes"));
m_pMSIServer->setChecked(theConf->GetBool("BoxDefaults/MsiExemptions", false));
layout->addWidget(m_pMSIServer, row++, 1, 1, 3);
registerField("msiServer", m_pMSIServer);
QLabel* pBoxLabel = new QLabel(tr("Box Options"), this);
pBoxLabel->setFont(fnt);
layout->addWidget(pBoxLabel, row++, 0);
m_pBoxToken = new QCheckBox(tr("Use a Sandboxie login instead of an anonymous token"));
m_pBoxToken->setToolTip(tr("Using a custom Sandboxie Token allows to isolate individual sandboxes from each other better, and it shows in the user column of task managers the name of the box a process belongs to. Some 3rd party security solutions may however have problems with custom tokens."));
m_pBoxToken->setChecked(theConf->GetBool("BoxDefaults/BoxToken", false));
layout->addWidget(m_pBoxToken, row++, 1, 1, 3);
registerField("boxToken", m_pBoxToken);
QCheckBox* pImageProtection = new QCheckBox(tr("Prevent sandboxes programs installed on host from loading dll's from the sandbox"));
pImageProtection->setToolTip(tr("This feature may reduce compatibility as it also prevents box located processes from writing to host located ones and even starting them."));
pImageProtection->setChecked(theConf->GetBool("BoxDefaults/ImagesProtection", false));
pImageProtection->setEnabled(g_CertInfo.active);
layout->addWidget(pImageProtection, row++, 1, 1, 3);
registerField("imagesProtection", pImageProtection);
setLayout(layout);
int size = 16.0;
#if QT_VERSION < QT_VERSION_CHECK(6, 0, 0)
size *= (QApplication::desktop()->logicalDpiX() / 96.0); // todo Qt6
#endif
AddIconToLabel(pNetLabel, CSandMan::GetIcon("Network").pixmap(size,size));
AddIconToLabel(pAdminLabel, CSandMan::GetIcon("Shield9").pixmap(size,size));
AddIconToLabel(pBoxLabel, CSandMan::GetIcon("Sandbox").pixmap(size,size));
}
int CAdvancedPage::nextId() const
{
return CNewBoxWizard::Page_Summary;
}
void CAdvancedPage::initializePage()
{
int BoxType = wizard()->field("boxType").toInt();
bool bHardened = (BoxType == CSandBoxPlus::eHardenedPlus || BoxType == CSandBoxPlus::eHardened);
m_pMSIServer->setEnabled(!bHardened);
m_pShareAccess->setEnabled(!bHardened);
bool bAppBox = (BoxType == CSandBoxPlus::eAppBoxPlus || BoxType == CSandBoxPlus::eAppBox);
m_pBoxToken->setEnabled(!bAppBox);
}
bool CAdvancedPage::validatePage()
{
return true;
}
//////////////////////////////////////////////////////////////////////////////////////////
// CSummaryPage
//
CSummaryPage::CSummaryPage(QWidget *parent)
: QWizardPage(parent)
{
setTitle(tr("Create the new Sandbox"));
QPixmap Logo = QPixmap(theGUI->m_DarkTheme ? ":/SideLogoDM.png" : ":/SideLogo.png");
int Scaling = theConf->GetInt("Options/FontScaling", 100);
if(Scaling != 100) Logo = Logo.scaled(Logo.width() * Scaling / 100, Logo.height() * Scaling / 100);
setPixmap(QWizard::WatermarkPixmap, Logo);
int row = 0;
QGridLayout *layout = new QGridLayout;
QLabel* pLabel = new QLabel;
pLabel->setWordWrap(true);
pLabel->setText(tr("Almost complete, click Finish to create a new sandbox and conclude the wizard."));
layout->addWidget(pLabel, row++ , 0, 1, 3);
m_pSummary = new QTextEdit();
m_pSummary->setReadOnly(true);
m_pSummary->setSizePolicy(QSizePolicy::Expanding, QSizePolicy::Expanding);
layout->addWidget(m_pSummary, row++ , 0, 1, 3);
m_pSetDefault = new QCheckBox(tr("Save options as new defaults"));
layout->addWidget(m_pSetDefault, row++, 2);
//QWidget* pSpacer = new QWidget();
//pSpacer->setMinimumHeight(16);
//layout->addWidget(pSpacer);
QWidget* pSpacer = new QWidget();
pSpacer->setSizePolicy(QSizePolicy::Expanding, QSizePolicy::Expanding);
layout->addWidget(pSpacer, row++, 1);
m_pSetInstant = new QCheckBox(tr("Skip this summary page when advanced options are not set"));
m_pSetInstant->setChecked(theConf->GetBool("Options/InstantBoxWizard", false));
layout->addWidget(m_pSetInstant, row++, 1, 1, 2);
setLayout(layout);
}
int CSummaryPage::nextId() const
{
return -1;
}
void CSummaryPage::initializePage()
{
m_pSummary->setText(theGUI->GetBoxDescription(wizard()->field("boxType").toInt()));
QString Location = field("boxLocation").toString();
if (Location.isEmpty())
Location = ((CNewBoxWizard*)wizard())->GetDefaultLocation();
m_pSummary->append(tr("\nThis Sandbox will be saved to: %1").arg(Location));
if (field("autoRemove").toBool())
m_pSummary->append(tr("\nThis box's content will be DISCARDED when it's closed, and the box will be removed."));
else if (field("autoDelete").toBool())
m_pSummary->append(tr("\nThis box will DISCARD its content when its closed, its suitable only for temporary data."));
if (field("blockNetwork").toInt())
m_pSummary->append(tr("\nProcesses in this box will not be able to access the internet or the local network, this ensures all accessed data to stay confidential."));
if (field("msiServer").toBool())
m_pSummary->append(tr("\nThis box will run the MSIServer (*.msi installer service) with a system token, this improves the compatibility but reduces the security isolation."));
else if(field("fakeAdmin").toBool())
m_pSummary->append(tr("\nProcesses in this box will think they are run with administrative privileges, without actually having them, hence installers can be used even in a security hardened box."));
if(field("boxToken").toBool())
m_pSummary->append(tr("\nProcesses in this box will be running with a custom process token indicating the sandbox they belong to."));
m_pSetDefault->setVisible(((CNewBoxWizard*)wizard())->m_bAdvanced);
}
bool CSummaryPage::validatePage()
{
if (m_pSetDefault->isChecked())
{
theConf->SetValue("BoxDefaults/BoxScheme", field("boxVersion").toInt() + 1);
theConf->SetValue("BoxDefaults/SeparateUser", field("separateUser").toBool());
theConf->SetValue("BoxDefaults/UseVolumeSN", field("useVolumeSN").toBool());
theConf->SetValue("BoxDefaults/AutoDelete", field("autoDelete").toBool());
theConf->SetValue("BoxDefaults/AutoRecover", field("autoRecover").toBool());
theConf->SetValue("BoxDefaults/BlockNetwork", field("blockNetwork").toInt());
theConf->SetValue("BoxDefaults/ShareAccess", field("shareAccess").toBool());
theConf->SetValue("BoxDefaults/FakeAdmin", field("fakeAdmin").toBool());
theConf->SetValue("BoxDefaults/MsiExemptions", field("msiServer").toBool());
theConf->SetValue("BoxDefaults/BoxToken", field("boxToken").toBool());
theConf->SetValue("BoxDefaults/ImagesProtection", field("imagesProtection").toBool());
}
theConf->SetValue("Options/InstantBoxWizard", m_pSetInstant->isChecked());
theConf->SetValue("Options/AdvancedBoxWizard", ((CNewBoxWizard*)wizard())->m_bAdvanced);
SB_STATUS Status = ((CNewBoxWizard*)wizard())->TryToCreateBox();
if (Status.IsError()) {
if(Status.GetMsgCode() != SB_Canceled)
QMessageBox::critical(this, "Sandboxie-Plus", tr("Failed to create new box: %1").arg(theGUI->FormatError(Status)));
return false;
}
return true;
}