Skip to content

Commit

Permalink
Add an option to force the protection of an encrypted sandbox to be e…
Browse files Browse the repository at this point in the history 
…nabled.
  • Loading branch information
@love-code-yeyixiao
love-code-yeyixiao committed Mar 23, 2024
1 parent bd34af9 commit f39e4a1
Show file tree
Hide file tree
Showing 5 changed files with 131 additions and 108 deletions.
217 changes: 112 additions & 105 deletions SandboxiePlus/SandMan/Forms/OptionsWindow.ui
View file
Original file line number Diff line number Diff line change
Expand Up @@ -285,56 +285,65 @@
<string>File Options</string>
</attribute>
<layout class="QGridLayout" name="gridLayout_28">
<item row="13" column="1">
<widget class="QLabel" name="label_37">
<property name="maximumSize">
<size>
<width>20</width>
<height>16777215</height>
</size>
<item row="0" column="0">
<widget class="QLabel" name="lblStructure">
<property name="font">
<font>
<weight>75</weight>
<bold>true</bold>
<kerning>true</kerning>
</font>
</property>
<property name="text">
<string/>
<string>Box Structure</string>
</property>
</widget>
</item>
<item row="5" column="1" colspan="4">
<widget class="QCheckBox" name="chkEncrypt">
<item row="0" column="2" colspan="2">
<widget class="QLabel" name="lblWhenEmpty">
<property name="text">
<string>Encrypt sandbox content</string>
<string>The box structure can only be changed when the sandbox is empty</string>
</property>
</widget>
</item>
<item row="14" column="3">
<spacer name="horizontalSpacer_4">
<property name="orientation">
<enum>Qt::Horizontal</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>410</width>
<height>13</height>
</size>
<item row="1" column="1" colspan="3">
<widget class="QLabel" name="lblScheme">
<property name="text">
<string>Virtualization scheme</string>
</property>
</spacer>
</widget>
</item>
<item row="6" column="2" colspan="4">
<widget class="QLabel" name="lblCrypto">
<item row="1" column="4">
<widget class="QComboBox" name="cmbVersion"/>
</item>
<item row="2" column="1" colspan="3">
<widget class="QCheckBox" name="chkSeparateUserFolders">
<property name="text">
<string>When &lt;a href=&quot;sbie://docs/boxencryption&quot;&gt;Box Encryption&lt;/a&gt; is enabled the box’s root folder, including its registry hive, is stored in an encrypted disk image, using &lt;a href=&quot;https://diskcryptor.org&quot;&gt;Disk Cryptor's&lt;/a&gt; AES-XTS implementation.</string>
<string>Separate user folders</string>
</property>
<property name="wordWrap">
<bool>true</bool>
<property name="tristate">
<bool>false</bool>
</property>
<property name="openExternalLinks">
<bool>true</bool>
</widget>
</item>
<item row="3" column="1" colspan="3">
<widget class="QCheckBox" name="chkUseVolumeSerialNumbers">
<property name="text">
<string>Use volume serial numbers for drives, like: \drive\C~1234-ABCD</string>
</property>
</widget>
</item>
<item row="13" column="2" colspan="4">
<widget class="QCheckBox" name="chkRawDiskNotify">
<item row="4" column="1" colspan="3">
<widget class="QCheckBox" name="chkRamBox">
<property name="text">
<string>Warn when an application opens a harddrive handle</string>
<string>Store the sandbox content in a Ram Disk</string>
</property>
</widget>
</item>
<item row="5" column="1" colspan="3">
<widget class="QCheckBox" name="chkEncrypt">
<property name="text">
<string>Encrypt sandbox content</string>
</property>
</widget>
</item>
Expand All @@ -345,31 +354,35 @@
</property>
</widget>
</item>
<item row="1" column="1" colspan="3">
<widget class="QLabel" name="lblScheme">
<item row="6" column="2" colspan="4">
<widget class="QLabel" name="lblCrypto">
<property name="text">
<string>Virtualization scheme</string>
<string>When &lt;a href=&quot;sbie://docs/boxencryption&quot;&gt;Box Encryption&lt;/a&gt; is enabled the box’s root folder, including its registry hive, is stored in an encrypted disk image, using &lt;a href=&quot;https://diskcryptor.org&quot;&gt;Disk Cryptor's&lt;/a&gt; AES-XTS implementation.</string>
</property>
<property name="wordWrap">
<bool>true</bool>
</property>
<property name="openExternalLinks">
<bool>true</bool>
</property>
</widget>
</item>
<item row="1" column="4">
<widget class="QComboBox" name="cmbVersion"/>
</item>
<item row="14" column="1">
<spacer name="verticalSpacer_2">
<property name="orientation">
<enum>Qt::Vertical</enum>
<item row="7" column="2" colspan="2">
<widget class="QLabel" name="lblImDisk">
<property name="text">
<string>&lt;a href=&quot;addon://ImDisk&quot;&gt;Install ImDisk&lt;/a&gt; driver to enable Ram Disk and Disk Image support.</string>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>20</width>
<height>52</height>
</size>
</widget>
</item>
<item row="8" column="2" colspan="2">
<widget class="QCheckBox" name="chkForceProtection">
<property name="text">
<string>Force protection on mount</string>
</property>
</spacer>
</widget>
</item>
<item row="11" column="0" colspan="2">
<widget class="QLabel" name="lblRawDisk">
<item row="9" column="0" colspan="3">
<widget class="QLabel" name="lblDelete">
<property name="font">
<font>
<weight>75</weight>
Expand All @@ -378,25 +391,18 @@
</font>
</property>
<property name="text">
<string>Disk/File access</string>
</property>
</widget>
</item>
<item row="12" column="1" colspan="5">
<widget class="QCheckBox" name="chkRawDiskRead">
<property name="text">
<string>Allow elevated sandboxed applications to read the harddrive</string>
<string>Box Delete options</string>
</property>
</widget>
</item>
<item row="0" column="2" colspan="4">
<widget class="QLabel" name="lblWhenEmpty">
<item row="10" column="1" colspan="3">
<widget class="QCheckBox" name="chkAutoEmpty">
<property name="text">
<string>The box structure can only be changed when the sandbox is empty</string>
<string>Auto delete content when last sandboxed process terminates</string>
</property>
</widget>
</item>
<item row="10" column="1" colspan="4">
<item row="11" column="1" colspan="3">
<widget class="QCheckBox" name="chkProtectBox">
<property name="toolTip">
<string>Partially checked means prevent box removal but not content deletion.</string>
Expand All @@ -409,22 +415,8 @@
</property>
</widget>
</item>
<item row="9" column="1" colspan="5">
<widget class="QCheckBox" name="chkAutoEmpty">
<property name="text">
<string>Auto delete content when last sandboxed process terminates</string>
</property>
</widget>
</item>
<item row="7" column="2" colspan="4">
<widget class="QLabel" name="lblImDisk">
<property name="text">
<string>&lt;a href=&quot;addon://ImDisk&quot;&gt;Install ImDisk&lt;/a&gt; driver to enable Ram Disk and Disk Image support.</string>
</property>
</widget>
</item>
<item row="0" column="0">
<widget class="QLabel" name="lblStructure">
<item row="12" column="0" colspan="2">
<widget class="QLabel" name="lblRawDisk">
<property name="font">
<font>
<weight>75</weight>
Expand All @@ -433,47 +425,62 @@
</font>
</property>
<property name="text">
<string>Box Structure</string>
<string>Disk/File access</string>
</property>
</widget>
</item>
<item row="2" column="1" colspan="4">
<widget class="QCheckBox" name="chkSeparateUserFolders">
<property name="text">
<string>Separate user folders</string>
<item row="13" column="1">
<widget class="QLabel" name="label_37">
<property name="maximumSize">
<size>
<width>20</width>
<height>16777215</height>
</size>
</property>
<property name="tristate">
<bool>false</bool>
<property name="text">
<string/>
</property>
</widget>
</item>
<item row="4" column="1" colspan="4">
<widget class="QCheckBox" name="chkRamBox">
<item row="14" column="1" colspan="3">
<widget class="QCheckBox" name="chkRawDiskRead">
<property name="text">
<string>Store the sandbox content in a Ram Disk</string>
<string>Allow elevated sandboxed applications to read the harddrive</string>
</property>
</widget>
</item>
<item row="8" column="0" colspan="3">
<widget class="QLabel" name="lblDelete">
<property name="font">
<font>
<weight>75</weight>
<bold>true</bold>
<kerning>true</kerning>
</font>
</property>
<item row="15" column="2" colspan="2">
<widget class="QCheckBox" name="chkRawDiskNotify">
<property name="text">
<string>Box Delete options</string>
<string>Warn when an application opens a harddrive handle</string>
</property>
</widget>
</item>
<item row="3" column="1" colspan="5">
<widget class="QCheckBox" name="chkUseVolumeSerialNumbers">
<property name="text">
<string>Use volume serial numbers for drives, like: \drive\C~1234-ABCD</string>
<item row="16" column="1">
<spacer name="verticalSpacer_2">
<property name="orientation">
<enum>Qt::Vertical</enum>
</property>
</widget>
<property name="sizeHint" stdset="0">
<size>
<width>20</width>
<height>52</height>
</size>
</property>
</spacer>
</item>
<item row="16" column="3">
<spacer name="horizontalSpacer_4">
<property name="orientation">
<enum>Qt::Horizontal</enum>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>410</width>
<height>13</height>
</size>
</property>
</spacer>
</item>
</layout>
</widget>
Expand Down Expand Up @@ -4518,8 +4525,8 @@ instead of &quot;*&quot;.</string>
<rect>
<x>0</x>
<y>0</y>
<width>98</width>
<height>28</height>
<width>92</width>
<height>16</height>
</rect>
</property>
<layout class="QGridLayout" name="dbgLayout">
Expand Down
1 change: 1 addition & 0 deletions SandboxiePlus/SandMan/SandMan.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1716,6 +1716,7 @@ SB_STATUS CSandMan::ImBoxMount(const CSandBoxPtr& pBox, bool bAutoUnmount)
}

CBoxImageWindow window(CBoxImageWindow::eMount, this);
window.SetForce(pBox->GetBool("ForceProtectionOnMount", false));
if (theGUI->SafeExec(&window) != 1)
return SB_ERR(SB_Canceled);
return pBox->ImBoxMount(window.GetPassword(), window.UseProtection(), window.AutoUnMount());
Expand Down
11 changes: 9 additions & 2 deletions SandboxiePlus/SandMan/Windows/BoxImageWindow.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -97,10 +97,17 @@ CBoxImageWindow::CBoxImageWindow(EAction Action, QWidget *parent)
ui.chkProtect->setVisible(false);
ui.chkAutoLock->setVisible(false);
}




//restoreGeometry(theConf->GetBlob("BoxImageWindow/Window_Geometry"));
}

void CBoxImageWindow::SetForce(bool force) {
ui.chkProtect->setEnabled(!force);
ui.chkProtect->setChecked(true);
ui.chkAutoLock->setChecked(true);
ui.chkAutoLock->setEnabled(!force);
}
CBoxImageWindow::~CBoxImageWindow()
{
//theConf->SetBlob("BoxImageWindow/Window_Geometry", saveGeometry());
Expand Down
1 change: 1 addition & 0 deletions SandboxiePlus/SandMan/Windows/BoxImageWindow.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ class CBoxImageWindow : public QDialog

QString GetPassword() const { return m_Password; }
QString GetNewPassword() const { return m_NewPassword; }
void SetForce(bool force);
void SetImageSize(quint64 uSize) const { return ui.txtImageSize->setText(QString::number(uSize / 1024)); }
quint64 GetImageSize() const { return ui.txtImageSize->text().toULongLong() * 1024; }
bool UseProtection() const { return ui.chkProtect->isChecked(); }
Expand Down
9 changes: 8 additions & 1 deletion SandboxiePlus/SandMan/Windows/OptionsGeneral.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -190,6 +190,7 @@ void COptionsWindow::CreateGeneral()

connect(ui.chkRamBox, SIGNAL(clicked(bool)), this, SLOT(OnDiskChanged()));
connect(ui.chkEncrypt, SIGNAL(clicked(bool)), this, SLOT(OnDiskChanged()));
connect(ui.chkForceProtection, SIGNAL(clicked(bool)), this, SLOT(OnGeneralChanged()));
connect(ui.btnPassword, SIGNAL(clicked(bool)), this, SLOT(OnSetPassword()));

bool bImDiskReady = theGUI->IsImDiskReady();
Expand Down Expand Up @@ -330,8 +331,11 @@ void COptionsWindow::LoadGeneral()

ui.chkRamBox->setChecked(m_pBox->GetBool("UseRamDisk", false));
ui.chkEncrypt->setChecked(m_pBox->GetBool("UseFileImage", false));
if (ui.chkRamBox->isEnabled())
ui.chkForceProtection->setChecked(m_pBox->GetBool("ForceProtectionOnMount", false));
if (ui.chkRamBox->isEnabled()) {
ui.chkEncrypt->setEnabled(!ui.chkRamBox->isChecked());
ui.chkForceProtection->setEnabled(!ui.chkRamBox->isChecked());
}
CSandBoxPlus* pBoxEx = qobject_cast<CSandBoxPlus*>(m_pBox.data());
if (pBoxEx && QFile::exists(pBoxEx->GetBoxImagePath()))
{
Expand Down Expand Up @@ -422,6 +426,7 @@ void COptionsWindow::SaveGeneral()
WriteAdvancedCheck(ui.chkCloseClipBoard, "OpenClipboard", "n", "");
//WriteAdvancedCheck(ui.chkBlockCapture, "IsBlockCapture", "y", "n");
WriteAdvancedCheck(ui.chkProtectPower, "BlockInterferePower", "y", "n");
WriteAdvancedCheck(ui.chkForceProtection, "ForceProtectionOnMount", "y", "n");
WriteAdvancedCheck(ui.chkVmReadNotify, "NotifyProcessAccessDenied", "y", "");
//WriteAdvancedCheck(ui.chkOpenSmartCard, "OpenSmartCard", "", "n");
//WriteAdvancedCheck(ui.chkOpenBluetooth, "OpenBluetooth", "y", "");
Expand Down Expand Up @@ -1127,11 +1132,13 @@ void COptionsWindow::OnDiskChanged()
ui.chkEncrypt->setEnabled(false);
ui.chkEncrypt->setChecked(false);
ui.btnPassword->setEnabled(false);
ui.chkForceProtection->setEnabled(false);
}
else {
ui.chkEncrypt->setEnabled(true);
CSandBoxPlus* pBoxEx = qobject_cast<CSandBoxPlus*>(m_pBox.data());
ui.btnPassword->setEnabled(ui.chkEncrypt->isChecked() && pBoxEx && pBoxEx->GetMountRoot().isEmpty());
ui.chkForceProtection->setEnabled(ui.chkEncrypt->isChecked());
}

OnGeneralChanged();
Expand Down

0 comments on commit f39e4a1

Please sign in to comment.