[v5.55.7] ReadFilePath no longer works

[APMichael]

I have updated from version 5.53.3 to 5.55.7. Unfortunately, however, allowing a network directory with ReadFilePath no longer works.

Network access is prevented by BlockNetworkFiles=y. Using ReadFilePath, I have always been able to allow read-only access to a network directory. This no longer works now. If OpenFilePath is used instead, access works again, but then there are also write permissions.

Edit: What I noticed:
With OpenFilePath: Access works.
With ReadFilePath: No access, file dialog reports missing permissions.
Without OpenFilePath/ReadFilePath: No access, file dialog reports drive not available.
Maybe this helps to analyze the problem?

[DavidXanatos]

So to clarify:

1. were you able to bypass BlockNetworkFiles=y with ReadFilePath, i.e. have BlockNetworkFiles=y and yet still access to network files?
2. are we talking about unc paths \server\share\some_folder or mounted network drives?

[isaak654]

According to this reply, BlockNetworkFiles blocks all network files except those you specifically open (for reading or writing).

[DavidXanatos]

hmm... indeed... it would seam so, yea I'll have to fix this the new rule specificity system did not take this into account I just took it at face value block -> block everything

[isaak654]

So this is the only question left that would need a confirmation:

2. are we talking about unc paths \server\share\some_folder or mounted network drives?

[DavidXanatos]

The issue will be fixed in the next build and improved,
you will now also be able to allow specific network paths with the NormalFilePath= directive, which means writes to these locations will be captured in the sandbox.

[isaak654]

I'm not sure this is completely fixed: I just extracted the latest CI build (at the time of writing), used ReadFilePath=\\VBoxSvr\folder in a clean new sandbox (with the default preset), tried to access a mounted network drive inside the sandbox and I got the missing permissions error reported in OP:

With ReadFilePath: No access, file dialog reports missing permissions.

PS: More precisely, it's a VirtualBox Shared Folder, I tested this behavior inside a VM.

[DavidXanatos]

Strange for me this test passes, please test again with a real share, its possible that the virtual box stuff is internally a different device or something

[isaak654]

@DavidXanatos
The weirdest thing here is that I can actually see my real network shares in Windows Explorer on the same VM, but I'm not able to see them inside a sandboxed Windows Explorer... I really don't know why this happens and that doesn't change even with BlockNetworkFiles=n or BlockNetParam=n.

[APMichael]

The issue will be fixed in the next build and improved, ...

Thank you for the quick reply. Great news that it will be fixed in the next build.

2. are we talking about unc paths \server\share\some_folder or mounted network drives?

The required network drive is mapped/mounted to a drive letter using "net use" (e.g. drive letter "Z:", ReadFilePath would then be "ReadFilePath=Z:\").

@isaak654 Thank you also for the help.

[APMichael]

I can confirm that the issue has been fixed with the new version 5.55.8. Thanks again! 👍