Changeset 104384 in vbox

Timestamp:

Apr 19, 2024 10:03:10 PM (11 months ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

162874

Message:

/Config.kmk,SUPHardNt: s/VBOX_WITHOUT_HARDENING_INTEGRITY_CHECK/VBOX_WITHOUT_WINDOWS_KERNEL_CODE_SIGNING_CERT/; s/SUPHNTVI_F_TRUSTED_INSTALLER_OWNER/SUPHNTVI_F_TRUSTED_INSTALLER_OR_SIMILAR_OWNER/; some more comments, a @todo and dialing back the changes a little. bugref:10657

Location:

trunk

Files:

• Config.kmk (modified) (10 diffs)
• src/VBox/HostDrivers/Support/Makefile.kmk (modified) (1 diff)
• src/VBox/HostDrivers/Support/win/SUPHardenedVerify-win.h (modified) (1 diff)
• src/VBox/HostDrivers/Support/win/SUPHardenedVerifyImage-win.cpp (modified) (9 diffs)
• src/VBox/HostDrivers/Support/win/SUPHardenedVerifyProcess-win.cpp (modified) (2 diffs)
• src/VBox/HostDrivers/Support/win/SUPR3HardenedMain-win.cpp (modified) (2 diffs)

trunk/Config.kmk ¶

@@ -1181 +1181 @@
  endif
 endif
-VBOX_WITHOUT_HARDENING_INTEGRITY_CHECK = 1
+# Building windows without a kernel code signing certificate (as good as
+# impossible to get these days, so enabled by default).
+VBOX_WITHOUT_WINDOWS_KERNEL_CODE_SIGNING_CERT = 1
 # Enable the system wide support service/daemon.
 # Very sketchy work in progress.
@@ -4863 +4865 @@
         $(CHMOD) a+rw -- "$@"
         $(VBOX_VCC_EDITBIN) /LargeAddressAware /DynamicBase /NxCompat /Release \
-                $(if-expr !defined(VBOX_WITHOUT_HARDENING_INTEGRITY_CHECK),/IntegrityCheck,) \
+                $(if-expr !defined(VBOX_WITHOUT_WINDOWS_KERNEL_CODE_SIGNING_CERT),/IntegrityCheck,) \
                 /Version:$(VBOX_VERSION_MAJOR)0$(VBOX_VERSION_MINOR).$(VBOX_VERSION_BUILD) \
                 "$@"
@@ -4886 +4888 @@
         $(CHMOD) a+rw -- "$@"
         $(VBOX_VCC_EDITBIN) /LargeAddressAware /DynamicBase /NxCompat /Release \
-                $(if-expr !defined(VBOX_WITHOUT_HARDENING_INTEGRITY_CHECK),/IntegrityCheck,) \
+                $(if-expr !defined(VBOX_WITHOUT_WINDOWS_KERNEL_CODE_SIGNING_CERT),/IntegrityCheck,) \
                 /Version:$(VBOX_VERSION_MAJOR)0$(VBOX_VERSION_MINOR).$(VBOX_VERSION_BUILD) \
                 "$@"
@@ -5390 +5392 @@
         -Version:$(VBOX_VERSION_MAJOR)0$(VBOX_VERSION_MINOR).$(VBOX_VERSION_BUILD) \
         -Stub:$(PATH_ROOT)/src/VBox/HostDrivers/Support/win/winstub.com
-  if defined(VBOX_SIGNING_MODE) && !defined(VBOX_WITHOUT_HARDENING_INTEGRITY_CHECK)
+  if defined(VBOX_SIGNING_MODE) && !defined(VBOX_WITHOUT_WINDOWS_KERNEL_CODE_SIGNING_CERT)
    TEMPLATE_VBoxRc_LDFLAGS          += -IntegrityCheck
   endif
@@ -5551 +5553 @@
   TEMPLATE_VBoxR0_LDFLAGS          += -Merge:VTGPrLc.Data=VTGPrLc.Begin -Merge:VTGPrLc.End=VTGPrLc.Begin -Merge:VTGPrLc.Begin=VTGObj
  endif
- if defined(VBOX_SIGNING_MODE) && !defined(VBOX_WITHOUT_HARDENING_INTEGRITY_CHECK)
+ if defined(VBOX_SIGNING_MODE) && !defined(VBOX_WITHOUT_WINDOWS_KERNEL_CODE_SIGNING_CERT)
   TEMPLATE_VBoxR0_LDFLAGS          += -IntegrityCheck
  endif
@@ -5754 +5756 @@
   TEMPLATE_VBoxR0Drv_LDFLAGS          += -Merge:VTGPrLc.Data=VTGPrLc.Begin -Merge:VTGPrLc.End=VTGPrLc.Begin -Merge:VTGPrLc.Begin=VTGObj
  endif
- if defined(VBOX_SIGNING_MODE) && !defined(VBOX_WITHOUT_HARDENING_INTEGRITY_CHECK)
+ if defined(VBOX_SIGNING_MODE) && !defined(VBOX_WITHOUT_WINDOWS_KERNEL_CODE_SIGNING_CERT)
   TEMPLATE_VBoxR0Drv_LDFLAGS          += -IntegrityCheck
  endif
@@ -6337 +6339 @@
   TEMPLATE_VBoxR3Exe_LDFLAGS          += -Merge:VTGPrLc.Data=VTGPrLc.Begin -Merge:VTGPrLc.End=VTGPrLc.Begin -Merge:VTGPrLc.Begin=VTGObj
  endif
- if defined(VBOX_SIGNING_MODE) && defined(VBOX_WITH_HARDENING) && !defined(VBOX_WITHOUT_HARDENING_INTEGRITY_CHECK)
+ if defined(VBOX_SIGNING_MODE) && defined(VBOX_WITH_HARDENING) && !defined(VBOX_WITHOUT_WINDOWS_KERNEL_CODE_SIGNING_CERT)
   TEMPLATE_VBoxR3Exe_LDFLAGS          += -IntegrityCheck
  endif
@@ -6984 +6986 @@
 TEMPLATE_VBoxR3HardenedTstDll_INST = $(INST_TESTCASE)
 TEMPLATE_VBoxR3HardenedTstDll_LDFLAGS.win  = $(TEMPLATE_VBoxR3TstDll_LDFLAGS.win) \
-        $(if-expr !defined(VBOX_WITHOUT_HARDENING_INTEGRITY_CHECK),-IntegrityCheck,)
+        $(if-expr !defined(VBOX_WITHOUT_WINDOWS_KERNEL_CODE_SIGNING_CERT),-IntegrityCheck,)
 ifn1of ($(KBUILD_TARGET), win os2)
  TEMPLATE_VBoxR3HardenedTstDll_LDFLAGS       = $(filter-out '$(VBOX_GCC_RPATH_OPT)%,$(TEMPLATE_VBoxR3TstDll_LDFLAGS))
@@ -7293 +7295 @@
         /DISALLOWLIB:libucrt.lib \
         /DISALLOWLIB:libucrtd.lib
- if defined(VBOX_SIGNING_MODE) && defined(VBOX_WITH_HARDENING) && !defined(VBOX_WITHOUT_HARDENING_INTEGRITY_CHECK)
+ if defined(VBOX_SIGNING_MODE) && defined(VBOX_WITH_HARDENING) && !defined(VBOX_WITHOUT_WINDOWS_KERNEL_CODE_SIGNING_CERT)
   TEMPLATE_VBoxMainExe_LDFLAGS          += -IntegrityCheck
  endif
@@ -7995 +7997 @@
         /Version:$(VBOX_VERSION_MAJOR)0$(VBOX_VERSION_MINOR).$(VBOX_VERSION_BUILD) \
         /STUB:$(PATH_ROOT)/src/VBox/HostDrivers/Support/win/winstub.com
-  if defined(VBOX_SIGNING_MODE) && defined(VBOX_WITH_HARDENING) && !defined(VBOX_WITHOUT_HARDENING_INTEGRITY_CHECK)
+  if defined(VBOX_SIGNING_MODE) && defined(VBOX_WITH_HARDENING) && !defined(VBOX_WITHOUT_WINDOWS_KERNEL_CODE_SIGNING_CERT)
    TEMPLATE_VBoxQtGuiExe_LDFLAGS += -IntegrityCheck
   endif

trunk/src/VBox/HostDrivers/Support/Makefile.kmk ¶

@@ -240 +240 @@
         $(if $(VBOX_WITH_DRIVERLESS_NEM_FALLBACK),VBOX_WITH_DRIVERLESS_NEM_FALLBACK,) \
         $(if $(VBOX_WITHOUT_DEBUGGER_CHECKS),VBOX_WITHOUT_DEBUGGER_CHECKS,) \
-        $(if $(VBOX_WITHOUT_HARDENING_INTEGRITY_CHECK),VBOX_WITHOUT_HARDENING_INTEGRITY_CHECK,) \
+        $(if $(VBOX_WITHOUT_WINDOWS_KERNEL_CODE_SIGNING_CERT),VBOX_WITHOUT_WINDOWS_KERNEL_CODE_SIGNING_CERT,) \
         $(if $(VBOX_PERMIT_VISUAL_STUDIO_PROFILING),VBOX_PERMIT_VISUAL_STUDIO_PROFILING,) \
         VBOX_PERMIT_MORE \

trunk/src/VBox/HostDrivers/Support/win/SUPHardenedVerify-win.h ¶

@@ -148 +148 @@
 /** Require kernel code signing level. */
 #  define SUPHNTVI_F_REQUIRE_KERNEL_CODE_SIGNING    RT_BIT(1)
-#  ifndef VBOX_WITHOUT_HARDENING_INTEGRITY_CHECK
 /** Require the image to force the memory mapper to do signature checking. */
-#   define SUPHNTVI_F_REQUIRE_SIGNATURE_ENFORCEMENT  RT_BIT(2)
-#  endif
+#  define SUPHNTVI_F_REQUIRE_SIGNATURE_ENFORCEMENT  RT_BIT(2)
 /** Whether to allow image verification by catalog file. */
 #  define SUPHNTVI_F_ALLOW_CAT_FILE_VERIFICATION    RT_BIT(3)
-/** The file owner must be TrustedInstaller on Vista+. */
-#  define SUPHNTVI_F_TRUSTED_INSTALLER_OWNER        RT_BIT(4)
+/** The file owner must be TrustedInstaller, Builtin\\Administrators
+ *  (S-1-5-32-544) or local system (S-1-5-21) on Vista+. */
+#  define SUPHNTVI_F_TRUSTED_INSTALLER_OR_SIMILAR_OWNER RT_BIT(4)
 /** Ignore the image architecture (otherwise it must match the verification
  * code).  Used with resource images and such. */

trunk/src/VBox/HostDrivers/Support/win/SUPHardenedVerifyImage-win.cpp ¶

@@ -808 +808 @@
 
         /* Must be owned by trusted installer. (This test is superfuous, thus no relaxation here.) */
-        if (   !(fFlags & SUPHNTVI_F_TRUSTED_INSTALLER_OWNER)
+        if (   !(fFlags & SUPHNTVI_F_TRUSTED_INSTALLER_OR_SIMILAR_OWNER)
             && !supHardNtViCheckIsOwnedByTrustedInstallerOrSimilar(hFile, pwszName))
             return rc;
@@ -869 +869 @@
 
         /* Must be owned by trusted installer. */
-        if (   !(fFlags & SUPHNTVI_F_TRUSTED_INSTALLER_OWNER)
+        if (   !(fFlags & SUPHNTVI_F_TRUSTED_INSTALLER_OR_SIMILAR_OWNER)
             && !supHardNtViCheckIsOwnedByTrustedInstallerOrSimilar(hFile, pwszName))
             return rc;
@@ -886 +886 @@
         pwsz = pwszName + cwcOther + 1;
 
-        if (   !(fFlags & SUPHNTVI_F_TRUSTED_INSTALLER_OWNER)
+        if (   !(fFlags & SUPHNTVI_F_TRUSTED_INSTALLER_OR_SIMILAR_OWNER)
             && !supHardNtViCheckIsOwnedByTrustedInstallerOrSimilar(hFile, pwszName))
             return rc;
@@ -934 +934 @@
        )
     {
-        if (   !(fFlags & SUPHNTVI_F_TRUSTED_INSTALLER_OWNER)
+        if (   !(fFlags & SUPHNTVI_F_TRUSTED_INSTALLER_OR_SIMILAR_OWNER)
             && !supHardNtViCheckIsOwnedByTrustedInstallerOrSimilar(hFile, pwszName))
             return rc;
@@ -944 +944 @@
      * Anything that's owned by the trusted installer.
      */
-    if (   (fFlags & SUPHNTVI_F_TRUSTED_INSTALLER_OWNER)
+    if (   (fFlags & SUPHNTVI_F_TRUSTED_INSTALLER_OR_SIMILAR_OWNER)
         || supHardNtViCheckIsOwnedByTrustedInstallerOrSimilar(hFile, pwszName))
         return VINF_LDRVI_NOT_SIGNED;
@@ -1228 +1228 @@
     {
 #ifdef IN_RING3 /* Hack alert! (see above) */
-# ifndef VBOX_WITHOUT_HARDENING_INTEGRITY_CHECK
         if (   (pNtViRdr->fFlags & SUPHNTVI_F_REQUIRE_KERNEL_CODE_SIGNING)
             && (pNtViRdr->fFlags & SUPHNTVI_F_REQUIRE_SIGNATURE_ENFORCEMENT)
             && uTimestamp < g_uBuildTimestampHack)
             uTimestamp = g_uBuildTimestampHack;
-# endif
 #endif
         RTTimeSpecSetSeconds(&aTimes[0].TimeSpec, uTimestamp);
@@ -1382 +1380 @@
     /** @todo Since we're now allowing Builtin\\Administrators after all, perhaps we
      *        could drop these system32 + winsxs hacks?? */
-    if (   (pNtViRdr->fFlags & SUPHNTVI_F_TRUSTED_INSTALLER_OWNER)
+    if (   (pNtViRdr->fFlags & SUPHNTVI_F_TRUSTED_INSTALLER_OR_SIMILAR_OWNER)
         && !supHardNtViCheckIsOwnedByTrustedInstallerOrSimilar(pNtViRdr->hFile, pwszName))
     {
@@ -1431 +1429 @@
         RTErrInfoAddF(pErrInfo, rc, ": %ls", pwszName);
 
-#ifndef VBOX_WITHOUT_HARDENING_INTEGRITY_CHECK
     /*
      * Check for the signature checking enforcement, if requested to do so.
@@ -1446 +1443 @@
                                "The image '%ls' was not linked with /IntegrityCheck.", pwszName);
     }
-#endif
 
 #ifdef IN_RING3

trunk/src/VBox/HostDrivers/Support/win/SUPHardenedVerifyProcess-win.cpp ¶

@@ -2148 +2148 @@
      */
     uint32_t fFlags = fDll
-                    ? SUPHNTVI_F_TRUSTED_INSTALLER_OWNER | SUPHNTVI_F_ALLOW_CAT_FILE_VERIFICATION
+                    ? SUPHNTVI_F_TRUSTED_INSTALLER_OR_SIMILAR_OWNER | SUPHNTVI_F_ALLOW_CAT_FILE_VERIFICATION
                     : SUPHNTVI_F_REQUIRE_BUILD_CERT;
     if (f32bitResourceDll)
@@ -2395 +2395 @@
                                    rcNt, pThis->hProcess);
     }
-#ifndef VBOX_WITHOUT_HARDENING_INTEGRITY_CHECK
+#ifndef VBOX_WITHOUT_WINDOWS_KERNEL_CODE_SIGNING_CERT /* A kernel code signing cert is only via way to use /IntegrityCheck. */
     if ( !(ImageInfo.DllCharacteristics & IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY))
         return supHardNtVpSetInfo2(pThis, VERR_SUP_VP_EXE_MISSING_FORCE_INTEGRITY,

trunk/src/VBox/HostDrivers/Support/win/SUPR3HardenedMain-win.cpp ¶

@@ -1478 +1478 @@
     /*
      * Check the path.  We don't allow DLLs to be loaded from just anywhere:
-     *      1. System32      - normal code or cat signing, owner TrustedInstaller.
-     *      2. WinSxS        - normal code or cat signing, owner TrustedInstaller.
-     *      3. VirtualBox    - build cert code signing, and owner TrustedInstaller unless integrity check is enabled.
-     *      4. AppPatchDir   - normal code or cat signing, owner TrustedInstaller.
-     *      5. Program Files - normal code or cat signing, owner TrustedInstaller.
-     *      6. Common Files  - normal code or cat signing, owner TrustedInstaller.
+     *      1. System32      - normal code or cat signing, owner TrustedInstaller/Administrators/LocalSystem.
+     *      2. WinSxS        - normal code or cat signing, owner TrustedInstaller/Administrators/LocalSystem.
+     *      3. VirtualBox    - build with:
+     *         - regular code signing cert: build cert code signing, owner TrustedInstaller/Administrators/LocalSystem.
+     *         - kernel code signing cert:  kernel code signing and integrity checks.
+     *      4. AppPatchDir   - normal code or cat signing, owner TrustedInstaller/Administrators/LocalSystem.
+     *      5. Program Files - normal code or cat signing, owner TrustedInstaller/Administrators/LocalSystem.
+     *      6. Common Files  - normal code or cat signing, owner TrustedInstaller/Administrators/LocalSystem.
      *      7. x86 variations of 4 & 5 - ditto.
+     *
+     * Note! VBOX_WITHOUT_KERNEL_CODE_SIGNING_CERT means the /IntegrityCheck does
+     *       work as it doesn't seems like MS has come up with a generally accessible
+     *       alternative to the expired kernel code signing scheme for using this
+     *       securty enhancement.
      */
     uint32_t fFlags = 0;
     if (supHardViUniStrPathStartsWithUniStr(&uBuf.UniStr, &g_System32NtPath.UniStr, true /*fCheckSlash*/))
-        fFlags |= SUPHNTVI_F_ALLOW_CAT_FILE_VERIFICATION | SUPHNTVI_F_TRUSTED_INSTALLER_OWNER;
+        fFlags |= SUPHNTVI_F_ALLOW_CAT_FILE_VERIFICATION | SUPHNTVI_F_TRUSTED_INSTALLER_OR_SIMILAR_OWNER;
     else if (supHardViUniStrPathStartsWithUniStr(&uBuf.UniStr, &g_WinSxSNtPath.UniStr, true /*fCheckSlash*/))
-        fFlags |= SUPHNTVI_F_ALLOW_CAT_FILE_VERIFICATION | SUPHNTVI_F_TRUSTED_INSTALLER_OWNER;
+        fFlags |= SUPHNTVI_F_ALLOW_CAT_FILE_VERIFICATION | SUPHNTVI_F_TRUSTED_INSTALLER_OR_SIMILAR_OWNER;
     else if (supHardViUniStrPathStartsWithUniStr(&uBuf.UniStr, &g_SupLibHardenedAppBinNtPath.UniStr, true /*fCheckSlash*/))
-# ifndef VBOX_WITHOUT_HARDENING_INTEGRITY_CHECK
+# ifdef VBOX_WITHOUT_WINDOWS_KERNEL_CODE_SIGNING_CERT
+        /** @todo r=bird: See SUPHNTVI_F_REQUIRE_BUILD_CERT comment below (in the
+         *        code that's actually used). */
+        fFlags |= SUPHNTVI_F_REQUIRE_BUILD_CERT | SUPHNTVI_F_TRUSTED_INSTALLER_OR_SIMILAR_OWNER;
+# else
         fFlags |= SUPHNTVI_F_REQUIRE_KERNEL_CODE_SIGNING | SUPHNTVI_F_REQUIRE_SIGNATURE_ENFORCEMENT;
-# else
-        fFlags |= SUPHNTVI_F_REQUIRE_BUILD_CERT | SUPHNTVI_F_TRUSTED_INSTALLER_OWNER;
 # endif
-    }
 # ifdef VBOX_PERMIT_MORE
     else if (supHardViIsAppPatchDir(uBuf.UniStr.Buffer, uBuf.UniStr.Length / sizeof(WCHAR)))
-        fFlags |= SUPHNTVI_F_ALLOW_CAT_FILE_VERIFICATION | SUPHNTVI_F_TRUSTED_INSTALLER_OWNER;
+        fFlags |= SUPHNTVI_F_ALLOW_CAT_FILE_VERIFICATION | SUPHNTVI_F_TRUSTED_INSTALLER_OR_SIMILAR_OWNER;
     else if (supHardViUniStrPathStartsWithUniStr(&uBuf.UniStr, &g_ProgramFilesNtPath.UniStr, true /*fCheckSlash*/))
-        fFlags |= SUPHNTVI_F_ALLOW_CAT_FILE_VERIFICATION | SUPHNTVI_F_TRUSTED_INSTALLER_OWNER;
+        fFlags |= SUPHNTVI_F_ALLOW_CAT_FILE_VERIFICATION | SUPHNTVI_F_TRUSTED_INSTALLER_OR_SIMILAR_OWNER;
     else if (supHardViUniStrPathStartsWithUniStr(&uBuf.UniStr, &g_CommonFilesNtPath.UniStr, true /*fCheckSlash*/))
-        fFlags |= SUPHNTVI_F_ALLOW_CAT_FILE_VERIFICATION | SUPHNTVI_F_TRUSTED_INSTALLER_OWNER;
+        fFlags |= SUPHNTVI_F_ALLOW_CAT_FILE_VERIFICATION | SUPHNTVI_F_TRUSTED_INSTALLER_OR_SIMILAR_OWNER;
 #  ifdef RT_ARCH_AMD64
     else if (supHardViUniStrPathStartsWithUniStr(&uBuf.UniStr, &g_ProgramFilesX86NtPath.UniStr, true /*fCheckSlash*/))
-        fFlags |= SUPHNTVI_F_ALLOW_CAT_FILE_VERIFICATION | SUPHNTVI_F_TRUSTED_INSTALLER_OWNER;
+        fFlags |= SUPHNTVI_F_ALLOW_CAT_FILE_VERIFICATION | SUPHNTVI_F_TRUSTED_INSTALLER_OR_SIMILAR_OWNER;
     else if (supHardViUniStrPathStartsWithUniStr(&uBuf.UniStr, &g_CommonFilesX86NtPath.UniStr, true /*fCheckSlash*/))
-        fFlags |= SUPHNTVI_F_ALLOW_CAT_FILE_VERIFICATION | SUPHNTVI_F_TRUSTED_INSTALLER_OWNER;
+        fFlags |= SUPHNTVI_F_ALLOW_CAT_FILE_VERIFICATION | SUPHNTVI_F_TRUSTED_INSTALLER_OR_SIMILAR_OWNER;
 #  endif
 # endif
@@ -1537 +1545 @@
     /*
      * Require trusted installer + some kind of signature on everything, except
-     * for the VBox bits where we require a specific certificate and maybe special
-     * integrity checks.
+     * for the VBox bits where we have extra requirements depending on the signing
+     * certificate used:
+     *         - regular code signing cert: build cert code signing, owner TrustedInstaller/Administrators/LocalSystem.
+     *         - kernel code signing cert:  kernel code signing and integrity checks.
      */
     uint32_t fFlags = 0;
     if (supHardViUniStrPathStartsWithUniStr(&uBuf.UniStr, &g_SupLibHardenedAppBinNtPath.UniStr, true /*fCheckSlash*/))
-    {
-# ifndef VBOX_WITHOUT_HARDENING_INTEGRITY_CHECK
+# ifdef VBOX_WITHOUT_WINDOWS_KERNEL_CODE_SIGNING_CERT
+        /** @todo r=bird: Since extension packs are installed under
+         * g_SupLibHardenedAppBinNtPath and I'm pretty sure that everything loaded into
+         * a VBox VM process goes thru this validation step at DLL load time, this means
+         * only we can now sign extension packs.
+         *
+         * I suspect we have to relax the signing restrictions on the ExtensionPacks
+         * subdirectory to keep 3rd party extensions working.  */
+        fFlags |= SUPHNTVI_F_REQUIRE_BUILD_CERT | SUPHNTVI_F_TRUSTED_INSTALLER_OR_SIMILAR_OWNER;
+# else
         fFlags |= SUPHNTVI_F_REQUIRE_KERNEL_CODE_SIGNING | SUPHNTVI_F_REQUIRE_SIGNATURE_ENFORCEMENT;
-# else
-        fFlags |= SUPHNTVI_F_REQUIRE_BUILD_CERT | SUPHNTVI_F_TRUSTED_INSTALLER_OWNER;
 # endif
-    }
     else
-        fFlags |= SUPHNTVI_F_ALLOW_CAT_FILE_VERIFICATION | SUPHNTVI_F_TRUSTED_INSTALLER_OWNER;
+        fFlags |= SUPHNTVI_F_ALLOW_CAT_FILE_VERIFICATION | SUPHNTVI_F_TRUSTED_INSTALLER_OR_SIMILAR_OWNER;
 #endif /* VBOX_PERMIT_EVEN_MORE */