Changeset 105016 in vbox

Timestamp:

Jun 25, 2024 10:28:21 AM (5 months ago)

Author:

vboxsync

Message:

doc/manual,include/VBox,Frontends/VBoxManage,HostServices/SharedFolders,
Main/{include,SharedFolder,Console,Machine,VirtualBox.xidl}: Add a
new attribute to ISharedFolder for specifying a symbolic link creation
policy to restrict the source pathname when creating symbolic links
within a guest. The symbolic link policies are represented by a new
enumeration of type SymlinkPolicy_T which includes values for no
restrictions ('any'), symlink sources only within the subtree of the
share ('subtree'), symlink sources as any relative path ('relative'),
and no symlinks allowed ('forbidden'). The symlink policy can only be
applied to permanent shared folders at this stage. bugref:10619

Location:

trunk

Files:

• doc/manual/en_US/man_VBoxManage-sharedfolder.xml (modified) (7 diffs)
• include/VBox/settings.h (modified) (1 diff)
• include/VBox/shflsvc.h (modified) (1 diff)
• src/VBox/Frontends/VBoxManage/VBoxManageInfo.cpp (modified) (4 diffs)
• src/VBox/Frontends/VBoxManage/VBoxManageMisc.cpp (modified) (4 diffs)
• src/VBox/HostServices/SharedFolders/Makefile.kmk (modified) (1 diff)
• src/VBox/HostServices/SharedFolders/VBoxSharedFoldersSvc.cpp (modified) (25 diffs)
• src/VBox/HostServices/SharedFolders/mappings.cpp (modified) (11 diffs)
• src/VBox/HostServices/SharedFolders/mappings.h (modified) (3 diffs)
• src/VBox/HostServices/SharedFolders/shfl.h (modified) (1 diff)
• src/VBox/HostServices/SharedFolders/testcase/Makefile.kmk (modified) (1 diff)
• src/VBox/HostServices/SharedFolders/testcase/tstSharedFolderService.cpp (modified) (6 diffs)
• src/VBox/HostServices/SharedFolders/testcase/tstSharedFolderService.h (modified) (1 diff)
• src/VBox/HostServices/SharedFolders/teststubs.h (modified) (1 diff)
• src/VBox/HostServices/SharedFolders/vbsf.cpp (modified) (3 diffs)
• src/VBox/HostServices/SharedFolders/vbsfpath.cpp (modified) (4 diffs)
• src/VBox/HostServices/SharedFolders/vbsfpath.h (modified) (1 diff)
• src/VBox/Main/idl/VirtualBox.xidl (modified) (4 diffs)
• src/VBox/Main/include/ConsoleSharedFolderImpl.h (modified) (3 diffs)
• src/VBox/Main/include/MachineImpl.h (modified) (1 diff)
• src/VBox/Main/include/SharedFolderImpl.h (modified) (4 diffs)
• src/VBox/Main/src-all/ConsoleSharedFolderImpl.cpp (modified) (4 diffs)
• src/VBox/Main/src-all/SharedFolderImpl.cpp (modified) (9 diffs)
• src/VBox/Main/src-client/ConsoleImpl.cpp (modified) (1 diff)
• src/VBox/Main/src-server/MachineImpl.cpp (modified) (4 diffs)
• src/VBox/Main/xml/Settings.cpp (modified) (5 diffs)
• src/VBox/Main/xml/VirtualBox-settings.xsd (modified) (2 diffs)

trunk/doc/manual/en_US/man_VBoxManage-sharedfolder.xml

@@ -42 +42 @@
   <refnamediv>
     <refname>VBoxManage-sharedfolder</refname>
-    <refpurpose>add and remove shared folders</refpurpose>
+    <refpurpose>add and remove shared folders, configure security policy for shared folders</refpurpose>
     <refclass>&product-name;</refclass>
   </refnamediv>
@@ -54 +54 @@
         <arg choice="plain"><replaceable>vmname</replaceable></arg>
       </group>
-      <arg choice="req">--name=<replaceable>name</replaceable></arg>
+      <arg choice="req">--name=<replaceable>share-name</replaceable></arg>
       <arg choice="req">--hostpath=<replaceable>hostpath</replaceable></arg>
       <arg>--readonly</arg>
@@ -68 +68 @@
         <arg choice="plain"><replaceable>vmname</replaceable></arg>
       </group>
-      <arg choice="req">--name=<replaceable>name</replaceable></arg>
+      <arg choice="req">--name=<replaceable>share-name</replaceable></arg>
       <arg>--transient</arg>
+    </cmdsynopsis>
+
+    <cmdsynopsis id="synopsis-vboxmanage-sharedfolder-modify">
+      <command>VBoxManage sharedfolder modify</command>
+      <group choice="req">
+        <arg choice="plain"><replaceable>uuid</replaceable></arg>
+        <arg choice="plain"><replaceable>vmname</replaceable></arg>
+      </group>
+      <arg choice="req">--name=<replaceable>share-name</replaceable></arg>
+      <arg choice="req">--symlink-policy=
+        <group choice="plain">
+          <arg choice="plain">forbidden</arg>
+          <arg choice="plain">subtree</arg>
+          <arg choice="plain">relative</arg>
+          <arg choice="plain">any</arg>
+        </group>
+      </arg>
     </cmdsynopsis>
   </refsynopsisdiv>
@@ -103 +120 @@
         </varlistentry>
         <varlistentry>
-          <term>--name=<replaceable>name</replaceable></term>
+          <term>--name=<replaceable>share-name</replaceable></term>
           <listitem><para>
               Specifies the name of the share, which is a unique name
@@ -178 +195 @@
         </varlistentry>
         <varlistentry>
-          <term>--name=<replaceable>name</replaceable></term>
+          <term>--name=<replaceable>share-name</replaceable></term>
           <listitem><para>
               Specifies the name of the share to remove.
@@ -193 +210 @@
       </variablelist>
     </refsect2>
+    <refsect2 id="vboxmanage-sharedfolder-modify">
+      <title>Modify a Shared Folder's Configuration</title>
+      <remark role="help-copy-synopsis"/>
+      <para>
+        The <command>VBoxManage sharedfolder modify</command> command
+        modifies the configuration of a Shared Folder.
+      </para>
+      <variablelist>
+        <varlistentry>
+          <term><option><replaceable>uuid</replaceable> | <replaceable>vmname</replaceable></option></term>
+          <listitem><para>
+              Specifies the name or UUID of the guest VM that shares a
+              folder with the host system.
+            </para></listitem>
+        </varlistentry>
+        <varlistentry>
+          <term>--name=<replaceable>share-name</replaceable></term>
+          <listitem><para>
+              Specifies the name of the share to apply the security policy to.
+            </para></listitem>
+        </varlistentry>
+        <varlistentry>
+          <term>--symlink-policy=<replaceable>policy-name</replaceable></term>
+          <listitem><para>
+              Specifies the symbolic link security policy of the shared folder.
+              Valid symlink security policies are:
+                  <literal>forbidden</literal>, <literal>subtree</literal>,
+                  <literal>relative</literal>, and <literal>any</literal>.
+            </para></listitem>
+        </varlistentry>
+      </variablelist>
+    </refsect2>
   </refsect1>
 
@@ -199 +248 @@
     <remark role="help-scope" condition="GLOBAL" />
     <para>
-      The following command creates a shared folder called
-      <filename>o7share</filename> for the <filename>ol7</filename> VM.
-      The share is mounted automatically when the VM is started.
+      The following command creates a shared folder named
+      <filename>o7share</filename> for the <filename>ol7</filename> VM
+      and configures the share to be mounted automatically when the VM
+      is started.
     </para>
 <screen>$ VBoxManage sharedfolder add ol7 --name ol7share --hostpath "/home/user/ol7share" --automount</screen>
     <para>
-      The following command removes the shared folder called
-      <filename>o7share</filename> for the <filename>ol7</filename> VM.
+      The following command removes the shared folder named
+      <filename>o7share</filename> from the <filename>ol7</filename> VM.
     </para>
 <screen>$ VBoxManage sharedfolder remove ol7 --name ol7share</screen>

trunk/include/VBox/settings.h

@@ -1009 +1009 @@
     bool            fAutoMount;
     com::Utf8Str    strAutoMountPoint;
+    SymlinkPolicy_T enmSymlinkPolicy;
 };
 

trunk/include/VBox/shflsvc.h

@@ -2123 +2123 @@
 #define SHFL_ADD_MAPPING_F_MISSING          (RT_BIT_32(3))
 
-#define SHFL_CPARMS_ADD_MAPPING  (4)
+#define SHFL_CPARMS_ADD_MAPPING  (5)
 /** @} */
 

trunk/src/VBox/Frontends/VBoxManage/VBoxManageInfo.cpp

@@ -799 +799 @@
 }
 
+static const char *symlinkPolicyToName(SymlinkPolicy_T enmSymlinkPolicy)
+{
+    switch (enmSymlinkPolicy)
+    {
+        case SymlinkPolicy_AllowedToAnyTarget:
+            return ("any");
+        case SymlinkPolicy_AllowedInShareSubtree:
+            return ("subtree");
+        case SymlinkPolicy_AllowedToRelativeTargets:
+            return ("relative");
+        case SymlinkPolicy_Forbidden:
+            return("forbidden");
+        default:
+            return("none");
+    }
+}
+
 /** Shows a shared folder.   */
 static HRESULT showSharedFolder(ComPtr<ISharedFolder> &sf, VMINFO_DETAILS details, const char *pszDesc,
@@ -805 +822 @@
     Bstr name, hostPath, bstrAutoMountPoint;
     BOOL writable = FALSE, fAutoMount = FALSE;
+    SymlinkPolicy_T enmSymlinkPolicy = SymlinkPolicy_None;
     CHECK_ERROR2I_RET(sf, COMGETTER(Name)(name.asOutParam()), hrcCheck);
     CHECK_ERROR2I_RET(sf, COMGETTER(HostPath)(hostPath.asOutParam()), hrcCheck);
@@ -810 +828 @@
     CHECK_ERROR2I_RET(sf, COMGETTER(AutoMount)(&fAutoMount), hrcCheck);
     CHECK_ERROR2I_RET(sf, COMGETTER(AutoMountPoint)(bstrAutoMountPoint.asOutParam()), hrcCheck);
+    CHECK_ERROR2I_RET(sf, COMGETTER(SymlinkPolicy)(&enmSymlinkPolicy), hrcCheck);
 
     if (fFirst && details != VMINFO_MACHINEREADABLE)
@@ -824 +843 @@
                  name.raw(), hostPath.raw(), pszDesc, writable ? Info::tr("writable") : Info::tr("readonly"),
                  fAutoMount ? Info::tr(", auto-mount") : "");
+        if (enmSymlinkPolicy != SymlinkPolicy_None)
+            RTPrintf(Info::tr(", symlink-policy: %s"), symlinkPolicyToName(enmSymlinkPolicy));
         if (bstrAutoMountPoint.isNotEmpty())
             RTPrintf(Info::tr(", mount-point: '%ls'\n"), bstrAutoMountPoint.raw());

trunk/src/VBox/Frontends/VBoxManage/VBoxManageMisc.cpp

@@ -1637 +1637 @@
             case VINF_GETOPT_NOT_OPTION:
                 if (pszMachineName)
-                    return errorArgument(Misc::tr("Machine name is given more than once: first '%s', then '%s'"),
+                    return errorArgument(Misc::tr("Machine name given more than once: first '%s', then '%s'"),
                                          pszMachineName, ValueUnion.psz);
                 pszMachineName = ValueUnion.psz;
@@ -1749 +1749 @@
             case VINF_GETOPT_NOT_OPTION:
                 if (pszMachineName)
-                    return errorArgument(Misc::tr("Machine name is given more than once: first '%s', then '%s'"),
+                    return errorArgument(Misc::tr("Machine name given more than once: first '%s', then '%s'"),
                                          pszMachineName, ValueUnion.psz);
                 pszMachineName = ValueUnion.psz;
@@ -1810 +1810 @@
 }
 
+static SymlinkPolicy_T nameToSymlinkPolicy(const char *pszName)
+{
+    if (!RTStrICmp(pszName, "forbidden"))
+        return SymlinkPolicy_Forbidden;
+    if (!RTStrICmp(pszName, "subtree"))
+        return SymlinkPolicy_AllowedInShareSubtree;
+    if (!RTStrICmp(pszName, "relative"))
+        return SymlinkPolicy_AllowedToRelativeTargets;
+    if (!RTStrICmp(pszName, "any"))
+        return SymlinkPolicy_AllowedToAnyTarget;
+
+    return SymlinkPolicy_None;
+}
+
+/**
+ * modify shared folder properties
+ */
+static RTEXITCODE handleSharedFolderModify(HandlerArg *a)
+{
+    /*
+     * Parse arguments (argv[0] == subcommand).
+     */
+    static const RTGETOPTDEF s_aModifyOptions[] =
+    {
+        { "--name",             'n', RTGETOPT_REQ_STRING },
+        { "-name",              'n', RTGETOPT_REQ_STRING },     // deprecated
+        { "--transient",        't', RTGETOPT_REQ_NOTHING },
+        { "-transient",         't', RTGETOPT_REQ_NOTHING },    // deprecated
+        { "--symlink-policy",   's', RTGETOPT_REQ_STRING },
+        { "-symlink-policy",    's', RTGETOPT_REQ_STRING },     // deprecated
+    };
+    const char *pszMachineName    = NULL;
+    const char *pszName           = NULL;
+    bool        fTransient        = false;
+    SymlinkPolicy_T enmSymlinkPolicy = SymlinkPolicy_None;
+
+    RTGETOPTSTATE GetState;
+    RTGetOptInit(&GetState, a->argc, a->argv, s_aModifyOptions, RT_ELEMENTS(s_aModifyOptions), 1 /*iFirst*/, 0 /*fFlags*/);
+    int c;
+    RTGETOPTUNION ValueUnion;
+    while ((c = RTGetOpt(&GetState, &ValueUnion)))
+    {
+        switch (c)
+        {
+            case 'n':
+                pszName = ValueUnion.psz;
+                break;
+            case 't':
+                fTransient = true;
+                break;
+            case 's':
+                enmSymlinkPolicy = nameToSymlinkPolicy(ValueUnion.psz);
+                if (enmSymlinkPolicy == SymlinkPolicy_None)
+                    return errorArgument(Misc::tr("Invalid --symlink-policy argument '%s'"), ValueUnion.psz);
+                break;
+            case VINF_GETOPT_NOT_OPTION:
+                if (pszMachineName)
+                    return errorArgument(Misc::tr("Machine name given more than once: first '%s', then '%s'"),
+                                         pszMachineName, ValueUnion.psz);
+                pszMachineName = ValueUnion.psz;
+                break;
+            default:
+                return errorGetOpt(c, &ValueUnion);
+        }
+    }
+
+    if (!pszMachineName)
+        return errorSyntax(Misc::tr("No machine was specified"));
+    if (!pszName)
+        return errorSyntax(Misc::tr("No shared folder name (--name) was supplied."));
+
+    /* the only supported option at the moment so it must be set */
+    if (enmSymlinkPolicy == SymlinkPolicy_None)
+        return errorSyntax(Misc::tr("No symbolic link policy (--symlink-policy) was supplied."));
+
+    /*
+     * Done parsing, do some real work.
+     */
+    ComPtr<IMachine> ptrMachine;
+    CHECK_ERROR2I_RET(a->virtualBox, FindMachine(Bstr(pszMachineName).raw(), ptrMachine.asOutParam()), RTEXITCODE_FAILURE);
+    AssertReturn(ptrMachine.isNotNull(), RTEXITCODE_FAILURE);
+
+    HRESULT hrc;
+    if (fTransient)
+    {
+        /* open an existing session for the VM */
+        CHECK_ERROR_RET(ptrMachine, LockMachine(a->session, LockType_Shared), RTEXITCODE_FAILURE);
+
+        /* get the session machine */
+        ComPtr<IMachine> ptrSessionMachine;
+        CHECK_ERROR_RET(a->session, COMGETTER(Machine)(ptrSessionMachine.asOutParam()), RTEXITCODE_FAILURE);
+
+        /* get the session console */
+        ComPtr<IConsole> ptrConsole;
+        CHECK_ERROR_RET(a->session, COMGETTER(Console)(ptrConsole.asOutParam()), RTEXITCODE_FAILURE);
+        if (ptrConsole.isNull())
+            return RTMsgErrorExit(RTEXITCODE_FAILURE, Misc::tr("Machine '%s' is not currently running.\n"), pszMachineName);
+
+        /* find the desired transient shared folder to modify */
+        com::SafeIfaceArray <ISharedFolder> sharedFolders;
+        CHECK_ERROR_RET(ptrConsole, COMGETTER(SharedFolders)(ComSafeArrayAsOutParam(sharedFolders)), RTEXITCODE_FAILURE);
+        if (sharedFolders.size() == 0)
+            return RTMsgErrorExit(RTEXITCODE_FAILURE, Misc::tr("Machine '%s' has no transient shared folders configured.\n"),
+                                  pszMachineName);
+
+        bool fFound = false;
+        for (size_t i = 0; i < sharedFolders.size(); ++i)
+        {
+            ComPtr<ISharedFolder> sharedFolder = sharedFolders[i];
+            Bstr bstrSharedFolderName;
+            CHECK_ERROR_RET(sharedFolder, COMGETTER(Name)(bstrSharedFolderName.asOutParam()), RTEXITCODE_FAILURE);
+            Utf8Str strSharedFolderName(bstrSharedFolderName);
+            if (!RTStrCmp(strSharedFolderName.c_str(), pszName))
+            {
+                CHECK_ERROR_RET(sharedFolder, COMSETTER(SymlinkPolicy)(enmSymlinkPolicy), RTEXITCODE_FAILURE);
+                fFound = true;
+                break;
+            }
+        }
+        if (!fFound)
+            return RTMsgErrorExit(RTEXITCODE_FAILURE, Misc::tr("Could not find a transient shared folder named '%s'.\n"),
+                                  pszName);
+
+        CHECK_ERROR_RET(a->session, UnlockMachine(), RTEXITCODE_FAILURE);
+    }
+    else
+    {
+        /* open a session for the VM */
+        CHECK_ERROR_RET(ptrMachine, LockMachine(a->session, LockType_Write), RTEXITCODE_FAILURE);
+
+        /* get the mutable session machine */
+        ComPtr<IMachine> ptrSessionMachine;
+        CHECK_ERROR_RET(a->session, COMGETTER(Machine)(ptrSessionMachine.asOutParam()), RTEXITCODE_FAILURE);
+
+        /* find the desired shared folder to modify */
+        com::SafeIfaceArray <ISharedFolder> sharedFolders;
+        CHECK_ERROR_RET(ptrSessionMachine, COMGETTER(SharedFolders)(ComSafeArrayAsOutParam(sharedFolders)), RTEXITCODE_FAILURE);
+        if (sharedFolders.size() == 0)
+            return RTMsgErrorExit(RTEXITCODE_FAILURE, Misc::tr("Machine '%s' has no shared folders configured.\n"),
+                                  pszMachineName);
+
+        bool fFound = false;
+        for (size_t i = 0; i < sharedFolders.size(); ++i)
+        {
+            ComPtr<ISharedFolder> sharedFolder = sharedFolders[i];
+            Bstr bstrSharedFolderName;
+            CHECK_ERROR_RET(sharedFolder, COMGETTER(Name)(bstrSharedFolderName.asOutParam()), RTEXITCODE_FAILURE);
+            Utf8Str strSharedFolderName(bstrSharedFolderName);
+            if (!RTStrCmp(strSharedFolderName.c_str(), pszName))
+            {
+                CHECK_ERROR_RET(sharedFolder, COMSETTER(SymlinkPolicy)(enmSymlinkPolicy), RTEXITCODE_FAILURE);
+                fFound = true;
+                break;
+            }
+        }
+        if (!fFound)
+            return RTMsgErrorExit(RTEXITCODE_FAILURE, Misc::tr("Could not find a shared folder named '%s'.\n"), pszName);
+
+        /* commit and close the session */
+        if (SUCCEEDED(hrc))
+            CHECK_ERROR(ptrSessionMachine, SaveSettings());
+
+        CHECK_ERROR_RET(a->session, UnlockMachine(), RTEXITCODE_FAILURE);
+    }
+
+    return SUCCEEDED(hrc) ? RTEXITCODE_SUCCESS : RTEXITCODE_FAILURE;
+}
 
 RTEXITCODE handleSharedFolder(HandlerArg *a)
@@ -1826 +1993 @@
         setCurrentSubcommand(HELP_SCOPE_SHAREDFOLDER_REMOVE);
         return handleSharedFolderRemove(a);
+    }
+
+    if (!strcmp(a->argv[0], "modify"))
+    {
+        setCurrentSubcommand(HELP_SCOPE_SHAREDFOLDER_MODIFY);
+        return handleSharedFolderModify(a);
     }
 

trunk/src/VBox/HostServices/SharedFolders/Makefile.kmk

@@ -39 +39 @@
 VBoxSharedFolders_NAME.os2  = VBoxSFld
 VBoxSharedFolders_DEFS      = VBOX_WITH_HGCM RTSHFL
+ifneq ($(KBUILD_TARGET),win)
+ VBoxSharedFolders_DEFS    += VBOX_WITH_XPCOM
+ VBoxSharedFolders_INCS     = $(VBOX_XPCOM_INCS)
+endif
 VBoxSharedFolders_INCS.win  = \
-        $(VBOX_PATH_SDK)
+        $(VBOX_PATH_SDK) \
+        $(VBOX_PATH_SDK)/bindings/mscom/include
 
 VBoxSharedFolders_LDFLAGS.darwin = \

trunk/src/VBox/HostServices/SharedFolders/VBoxSharedFoldersSvc.cpp

@@ -164 +164 @@
 
 
-static DECLCALLBACK(int) svcUnload (void *)
+static DECLCALLBACK(int) svcUnload(void *)
 {
     int rc = VINF_SUCCESS;
@@ -176 +176 @@
 }
 
-static DECLCALLBACK(int) svcConnect (void *, uint32_t u32ClientID, void *pvClient, uint32_t fRequestor, bool fRestoring)
+static DECLCALLBACK(int) svcConnect(void *, uint32_t u32ClientID, void *pvClient, uint32_t fRequestor, bool fRestoring)
 {
     RT_NOREF(u32ClientID, fRequestor, fRestoring);
@@ -187 +187 @@
 }
 
-static DECLCALLBACK(int) svcDisconnect (void *, uint32_t u32ClientID, void *pvClient)
+static DECLCALLBACK(int) svcDisconnect(void *, uint32_t u32ClientID, void *pvClient)
 {
     RT_NOREF1(u32ClientID);
@@ -455 +455 @@
 }
 
-static DECLCALLBACK(void) svcCall (void *, VBOXHGCMCALLHANDLE callHandle, uint32_t u32ClientID, void *pvClient,
-                                   uint32_t u32Function, uint32_t cParms, VBOXHGCMSVCPARM paParms[], uint64_t tsArrival)
+static DECLCALLBACK(void) svcCall(void *, VBOXHGCMCALLHANDLE callHandle, uint32_t u32ClientID, void *pvClient,
+                                  uint32_t u32Function, uint32_t cParms, VBOXHGCMSVCPARM paParms[], uint64_t tsArrival)
 {
     RT_NOREF(u32ClientID, tsArrival);
@@ -618 +618 @@
                    )
                 {
-                    AssertMsgFailed (("Invalid parameters cbPath or cbParms (%x, %x - expected >=%x, %x)\n",
+                    AssertMsgFailed(("Invalid parameters cbPath or cbParms (%x, %x - expected >=%x, %x)\n",
                                       cbPath, cbParms, sizeof(SHFLSTRING), sizeof (SHFLCREATEPARMS)));
                     rc = VERR_INVALID_PARAMETER;
@@ -631 +631 @@
 
                     /* Execute the function. */
-                    rc = vbsfCreate (pClient, root, pPath, cbPath, pParms);
+                    rc = vbsfCreate(pClient, root, pPath, cbPath, pParms);
 
                     if (RT_SUCCESS(rc))
@@ -680 +680 @@
                 {
                     /* Execute the function. */
-                    rc = vbsfClose (pClient, root, Handle);
+                    rc = vbsfClose(pClient, root, Handle);
 
                     if (RT_SUCCESS(rc))
@@ -845 +845 @@
                      *       completed, the another thread must call
                      *
-                     *           g_pHelpers->pfnCallComplete (callHandle, rc);
+                     *           g_pHelpers->pfnCallComplete(callHandle, rc);
                      *
                      * The operation is async.
@@ -939 +939 @@
 
                     /* Execute the function. */
-                    rc = vbsfDirList (pClient, root, Handle, pPath, flags, &length, pBuffer, &resumePoint, &cFiles);
+                    rc = vbsfDirList(pClient, root, Handle, pPath, flags, &length, pBuffer, &resumePoint, &cFiles);
 
                     if (g_pStatusLed)
@@ -1002 +1002 @@
                 {
                     /* Execute the function. */
-                    rc = vbsfReadLink (pClient, root, pPath, cbPath, pBuffer, cbBuffer);
+                    rc = vbsfReadLink(pClient, root, pPath, cbPath, pBuffer, cbBuffer);
 
                     if (RT_SUCCESS(rc))
@@ -1048 +1048 @@
                 {
                     /* Execute the function. */
-                    rc = vbsfMapFolder (pClient, pszMapName, delimiter, false,  &root);
+                    rc = vbsfMapFolder(pClient, pszMapName, delimiter, false,  &root);
 
                     if (RT_SUCCESS(rc))
@@ -1118 +1118 @@
                 /* Execute the function. */
                 if (RT_SUCCESS(rc))
-                    rc = vbsfMapFolder (pClient, pszMapName, delimiter, fCaseSensitive, &root);
+                    rc = vbsfMapFolder(pClient, pszMapName, delimiter, fCaseSensitive, &root);
 
                 if (RT_SUCCESS(rc))
@@ -1156 +1156 @@
 
                 /* Execute the function. */
-                rc = vbsfUnmapFolder (pClient, root);
+                rc = vbsfUnmapFolder(pClient, root);
 
                 if (RT_SUCCESS(rc))
@@ -1208 +1208 @@
                     if (flags & SHFL_INFO_SET)
                     {
-                        rc = vbsfSetFSInfo (pClient, root, Handle, flags, &length, pBuffer);
+                        rc = vbsfSetFSInfo(pClient, root, Handle, flags, &length, pBuffer);
 
                         if (flags & SHFL_INFO_FILE)
@@ -1223 +1223 @@
                     else /* SHFL_INFO_GET */
                     {
-                        rc = vbsfQueryFSInfo (pClient, root, Handle, flags, &length, pBuffer);
+                        rc = vbsfQueryFSInfo(pClient, root, Handle, flags, &length, pBuffer);
 
                         if (flags & SHFL_INFO_FILE)
@@ -1339 +1339 @@
                 {
                     /* Execute the function. */
-                    rc = vbsfRename (pClient, root, pSrc, pDest, flags);
+                    rc = vbsfRename(pClient, root, pSrc, pDest, flags);
                     if (RT_SUCCESS(rc))
                     {
@@ -1389 +1389 @@
                     /* Execute the function. */
 
-                    rc = vbsfFlush (pClient, root, Handle);
+                    rc = vbsfFlush(pClient, root, Handle);
 
                     if (RT_SUCCESS(rc))
@@ -1447 +1447 @@
                 {
                     /* Execute the function. */
-                    rc = vbsfSymlink (pClient, root, pNewPath, pOldPath, pInfo);
+                    rc = vbsfSymlink(pClient, root, pNewPath, pOldPath, pInfo);
                     if (RT_SUCCESS(rc))
                     {
@@ -1646 +1646 @@
          * it was processed synchronously.
          */
-        g_pHelpers->pfnCallComplete (callHandle, rc);
+        g_pHelpers->pfnCallComplete(callHandle, rc);
     }
 
@@ -1668 +1668 @@
  * security reasons.
  */
-static DECLCALLBACK(int) svcHostCall (void *, uint32_t u32Function, uint32_t cParms, VBOXHGCMSVCPARM paParms[])
+static DECLCALLBACK(int) svcHostCall(void *, uint32_t u32Function, uint32_t cParms, VBOXHGCMSVCPARM paParms[])
 {
     int rc = VINF_SUCCESS;
@@ -1700 +1700 @@
                  || paParms[2].type != VBOX_HGCM_SVC_PARM_32BIT   /* fFlags */
                  || paParms[3].type != VBOX_HGCM_SVC_PARM_PTR     /* auto mount point */
+                 || paParms[4].type != VBOX_HGCM_SVC_PARM_32BIT   /* symlink policy */
                 )
         {
@@ -1711 +1712 @@
             uint32_t fFlags             = paParms[2].u.uint32;
             SHFLSTRING *pAutoMountPoint = (SHFLSTRING *)paParms[3].u.pointer.addr;
+            SymlinkPolicy_T enmSymlinkPolicy = (SymlinkPolicy_T)paParms[4].u.uint32;
 
             /* Verify parameters values. */
@@ -1741 +1743 @@
                                          RT_BOOL(fFlags & SHFL_ADD_MAPPING_F_CREATE_SYMLINKS),
                                          RT_BOOL(fFlags & SHFL_ADD_MAPPING_F_MISSING),
-                                         /* fPlaceholder = */ false);
+                                         /* fPlaceholder = */ false,
+                                         enmSymlinkPolicy);
                     if (RT_SUCCESS(rc))
                     {
@@ -1785 +1788 @@
             {
                 /* Execute the function. */
-                rc = vbsfMappingsRemove (pString);
+                rc = vbsfMappingsRemove(pString);
 
                 if (RT_SUCCESS(rc))
@@ -1844 +1847 @@
 }
 
-extern "C" DECLCALLBACK(DECLEXPORT(int)) VBoxHGCMSvcLoad (VBOXHGCMSVCFNTABLE *ptable)
+extern "C" DECLCALLBACK(DECLEXPORT(int)) VBoxHGCMSvcLoad(VBOXHGCMSVCFNTABLE *ptable)
 {
     int rc = VINF_SUCCESS;

trunk/src/VBox/HostServices/SharedFolders/mappings.cpp

@@ -186 +186 @@
     return vbsfMappingsAdd(pLoadedMapping->pszFolderName, pLoadedMapping->pMapName,
                            pLoadedMapping->fWritable, pLoadedMapping->fAutoMount, pLoadedMapping->pAutoMountPoint,
-                           pLoadedMapping->fSymlinksCreate, /* fMissing = */ true, /* fPlaceholder = */ true);
+                           pLoadedMapping->fSymlinksCreate, /* fMissing = */ true, /* fPlaceholder = */ true,
+                           pLoadedMapping->enmSymlinkPolicy);
 }
 
@@ -340 +341 @@
  */
 int vbsfMappingsAdd(const char *pszFolderName, PSHFLSTRING pMapName, bool fWritable,
-                    bool fAutoMount, PSHFLSTRING pAutoMountPoint, bool fSymlinksCreate, bool fMissing, bool fPlaceholder)
+                    bool fAutoMount, PSHFLSTRING pAutoMountPoint, bool fSymlinksCreate, bool fMissing, bool fPlaceholder,
+                    SymlinkPolicy_T enmSymlinkPolicy)
 {
     unsigned i;
@@ -369 +371 @@
     for (i = 0; i < SHFL_MAX_MAPPINGS; i++)
     {
-        if (g_FolderMapping[i].fValid == false)
+        if (!g_FolderMapping[i].fValid)
         {
             /* Make sure the folder name is an absolute path, otherwise we're
@@ -398 +400 @@
             g_FolderMapping[i].fPlaceholder    = fPlaceholder;
             g_FolderMapping[i].fLoadedRootId   = false;
+            g_FolderMapping[i].enmSymlinkPolicy = enmSymlinkPolicy;
 
             /* Check if the host file system is case sensitive */
@@ -446 +449 @@
     for (unsigned i = 0; i < SHFL_MAX_MAPPINGS; i++)
     {
-        if (g_FolderMapping[i].fValid == true)
+        if (g_FolderMapping[i].fValid)
         {
             if (!RTUtf16LocaleICmp(g_FolderMapping[i].pMapName->String.utf16, pMapName->String.utf16))
@@ -599 +602 @@
 int vbsfMappingsQueryName(PSHFLCLIENTDATA pClient, SHFLROOT root, SHFLSTRING *pString)
 {
-    LogFlow(("vbsfMappingsQuery: pClient = %p, root = %d, *pString = %p\n", pClient, root, pString));
+    LogFlow(("vbsfMappingsQueryName: pClient = %p, root = %d, *pString = %p\n", pClient, root, pString));
 
     int rc;
@@ -633 +636 @@
         rc = VERR_INVALID_PARAMETER;
 
-    LogFlow(("vbsfMappingsQuery:Name return rc = %Rrc\n", rc));
+    LogFlow(("vbsfMappingsQueryName returns rc = %Rrc\n", rc));
     return rc;
 }
@@ -655 +658 @@
         rc = VERR_FILE_NOT_FOUND;
 
-    LogFlow(("vbsfMappingsQuery:Writable return rc = %Rrc\n", rc));
+    LogFlow(("vbsfMappingsQueryWritable returns rc = %Rrc\n", rc));
 
     return rc;
@@ -670 +673 @@
     AssertReturn(pFolderMapping, VERR_INVALID_PARAMETER);
 
-    if (pFolderMapping->fValid == true)
+    if (pFolderMapping->fValid)
         *fAutoMount = pFolderMapping->fAutoMount;
     else
         rc = VERR_FILE_NOT_FOUND;
 
-    LogFlow(("vbsfMappingsQueryAutoMount:Writable return rc = %Rrc\n", rc));
+    LogFlow(("vbsfMappingsQueryAutoMount returns rc = %Rrc\n", rc));
 
     return rc;
@@ -685 +688 @@
     int rc = VINF_SUCCESS;
 
-    LogFlow(("vbsfMappingsQueryAutoMount: pClient = %p, root = %d\n", pClient, root));
+    LogFlow(("vbsfMappingsQuerySymlinksCreate: pClient = %p, root = %d\n", pClient, root));
 
     MAPPING *pFolderMapping = vbsfMappingGetByRoot(root);
     AssertReturn(pFolderMapping, VERR_INVALID_PARAMETER);
 
-    if (pFolderMapping->fValid == true)
+    if (pFolderMapping->fValid)
         *fSymlinksCreate = pFolderMapping->fSymlinksCreate;
     else
         rc = VERR_FILE_NOT_FOUND;
 
-    LogFlow(("vbsfMappingsQueryAutoMount:SymlinksCreate return rc = %Rrc\n", rc));
+    LogFlow(("vbsfMappingsQuerySymlinksCreate returns rc = %Rrc\n", rc));
+
+    return rc;
+}
+
+int vbsfMappingsQuerySymlinkPolicy(PSHFLCLIENTDATA pClient, SHFLROOT root, SymlinkPolicy_T *enmSymlinkPolicy)
+{
+    RT_NOREF1(pClient);
+    int rc = VINF_SUCCESS;
+
+    LogFlow(("vbsfMappingsQuerySymlinkPolicy: pClient = %p, root = %d\n", pClient, root));
+
+    MAPPING *pFolderMapping = vbsfMappingGetByRoot(root);
+    AssertReturn(pFolderMapping, VERR_INVALID_PARAMETER);
+
+    if (pFolderMapping->fValid)
+        *enmSymlinkPolicy = pFolderMapping->enmSymlinkPolicy;
+    else
+        rc = VERR_FILE_NOT_FOUND;
+
+    LogFlow(("vbsfMappingsQuerySymlinkPolicy returns rc = %Rrc\n", rc));
 
     return rc;
@@ -879 +902 @@
         return VERR_FILE_NOT_FOUND;
     }
-    Assert(pFolderMapping->fValid == true && pFolderMapping->cMappings > 0);
+    Assert(pFolderMapping->fValid && pFolderMapping->cMappings > 0);
 
     AssertLogRelReturn(root < RT_ELEMENTS(pClient->acMappings), VERR_INTERNAL_ERROR);

trunk/src/VBox/HostServices/SharedFolders/mappings.h

@@ -52 +52 @@
                                              still has. fMissing is always true for this mapping. */
     bool        fLoadedRootId;          /**< Set if vbsfMappingLoaded has found this mapping already. */
+    SymlinkPolicy_T enmSymlinkPolicy;   /**< Symbolic link creation policy within the guest. */
 } MAPPING;
 /** Pointer to a MAPPING structure. */
@@ -61 +62 @@
 
 int vbsfMappingsAdd(const char *pszFolderName, PSHFLSTRING pMapName, bool fWritable,
-                    bool fAutoMount, PSHFLSTRING pAutoMountPoint, bool fCreateSymlinks, bool fMissing, bool fPlaceholder);
+                    bool fAutoMount, PSHFLSTRING pAutoMountPoint, bool fCreateSymlinks, bool fMissing, bool fPlaceholder,
+                    SymlinkPolicy_T enmSymlinkPolicy);
 int vbsfMappingsRemove(PSHFLSTRING pMapName);
 
@@ -69 +71 @@
 int vbsfMappingsQueryAutoMount(PSHFLCLIENTDATA pClient, SHFLROOT root, bool *fAutoMount);
 int vbsfMappingsQuerySymlinksCreate(PSHFLCLIENTDATA pClient, SHFLROOT root, bool *fSymlinksCreate);
+int vbsfMappingsQuerySymlinkPolicy(PSHFLCLIENTDATA pClient, SHFLROOT root, SymlinkPolicy_T *enmSymlinkPolicy);
 int vbsfMappingsQueryInfo(PSHFLCLIENTDATA pClient, SHFLROOT root, PSHFLSTRING pNameBuf, PSHFLSTRING pMntPtBuf,
                           uint64_t *pfFlags, uint32_t *puVersion);

trunk/src/VBox/HostServices/SharedFolders/shfl.h

@@ -36 +36 @@
 
 #include <VBox/log.h>
+#include <VBox/com/VirtualBox.h> /* For SymlinkPolicy_T. */
 
 /** Shared Folders client flags.

trunk/src/VBox/HostServices/SharedFolders/testcase/Makefile.kmk

@@ -69 +69 @@
  tstSharedFolderService_DEFS    = VBOX_WITH_HGCM UNITTEST
  tstSharedFolderService_INCS    = ..
+ ifneq ($(KBUILD_TARGET),win)
+  tstSharedFolderService_DEFS  += VBOX_WITH_XPCOM
+  tstSharedFolderService_INCS  += $(VBOX_XPCOM_INCS)
+ endif
+ tstSharedFolderService_INCS.win += $(VBOX_PATH_SDK)/bindings/mscom/include
  tstSharedFolderService_SOURCES = \
         tstSharedFolderService.cpp \

trunk/src/VBox/HostServices/SharedFolders/testcase/tstSharedFolderService.cpp

@@ -587 +587 @@
 }
 
+extern int testRTSymlinkCreate(const char *pszSymlink, const char *pszTarget, RTSYMLINKTYPE enmType, uint32_t fCreate)
+{
+    if (g_fFailIfNotLowercase && !RTStrIsLowerCased(strpbrk(pszSymlink, "/\\")))
+        return VERR_FILE_NOT_FOUND;
+    RT_NOREF4(pszSymlink, pszTarget, enmType, fCreate);
+    return 0;
+}
+
 
 /*********************************************************************************************************************************
@@ -678 +686 @@
 }
 
+static void fillTestShflStringUtf8(union TESTSHFLSTRING *pDest,
+                                   const char *pcszSource)
+{
+    const size_t cchSource = strlen(pcszSource);
+    AssertRelease(  cchSource * 2 + 2
+                  < sizeof(*pDest) - RT_UOFFSETOF(SHFLSTRING, String));
+    pDest->string.u16Length = (uint16_t)cchSource;
+    pDest->string.u16Size   = pDest->string.u16Length + 1;
+    memcpy(pDest->string.String.utf8, pcszSource, pDest->string.u16Size);
+}
+
 static SHFLROOT initWithWritableMapping(RTTEST hTest,
                                         VBOXHGCMSVCFNTABLE *psvcTable,
@@ -683 +702 @@
                                         const char *pcszFolderName,
                                         const char *pcszMapping,
-                                        bool fCaseSensitive = true)
+                                        bool fCaseSensitive = true,
+                                        SymlinkPolicy_T enmSymlinkPolicy = SymlinkPolicy_AllowedToAnyTarget)
 {
     VBOXHGCMSVCPARM aParms[RT_MAX(SHFL_CPARMS_ADD_MAPPING,
@@ -706 +726 @@
     HGCMSvcSetPv(&aParms[1], &Mapping,   RT_UOFFSETOF(SHFLSTRING, String)
                                    + Mapping.string.u16Size);
-    HGCMSvcSetU32(&aParms[2], 1);
+    HGCMSvcSetU32(&aParms[2], SHFL_ADD_MAPPING_F_WRITABLE | SHFL_ADD_MAPPING_F_CREATE_SYMLINKS);
     HGCMSvcSetPv(&aParms[3], &AutoMountPoint, SHFLSTRING_HEADER_SIZE + AutoMountPoint.string.u16Size);
+    HGCMSvcSetU32(&aParms[4], enmSymlinkPolicy);
     rc = psvcTable->pfnHostCall(psvcTable->pvService, SHFL_FN_ADD_MAPPING,
                                 SHFL_CPARMS_ADD_MAPPING, aParms);
@@ -774 +795 @@
         *pResult = CreateParms.Result;
     return VINF_SUCCESS;
+}
+
+static int createSymlink(VBOXHGCMSVCFNTABLE *psvcTable, SHFLROOT Root,
+                         const char *pcszSourcePath, const char *pcszSymlinkPath)
+{
+    VBOXHGCMSVCPARM aParms[SHFL_CPARMS_SYMLINK];
+    union TESTSHFLSTRING sourcePath;
+    union TESTSHFLSTRING symlinkPath;
+    SHFLFSOBJINFO ObjInfo;
+    VBOXHGCMCALLHANDLE_TYPEDEF callHandle = { VINF_SUCCESS };
+
+    /* vbsfSymlink() only supports UTF-8 */
+    fillTestShflStringUtf8(&sourcePath, pcszSourcePath);
+    fillTestShflStringUtf8(&symlinkPath, pcszSymlinkPath);
+    psvcTable->pfnCall(psvcTable->pvService, &callHandle, 0,
+                       psvcTable->pvService, SHFL_FN_SET_UTF8,
+                       RT_ELEMENTS(aParms), aParms, 0);
+
+    RT_ZERO(ObjInfo);
+    HGCMSvcSetU32(&aParms[0], Root);
+    HGCMSvcSetPv(&aParms[1], &symlinkPath,  RT_UOFFSETOF(SHFLSTRING, String)
+                                + symlinkPath.string.u16Size);
+    HGCMSvcSetPv(&aParms[2], &sourcePath,   RT_UOFFSETOF(SHFLSTRING, String)
+                                + sourcePath.string.u16Size);
+    HGCMSvcSetPv(&aParms[3], &ObjInfo, sizeof(ObjInfo));
+    psvcTable->pfnCall(psvcTable->pvService, &callHandle, 0,
+                       psvcTable->pvService, SHFL_FN_SYMLINK,
+                       RT_ELEMENTS(aParms), aParms, 0);
+    return callHandle.rc;
 }
 
@@ -1006 +1056 @@
 }
 
+static int testSymlinkCreationForSpecificPolicy(RTTEST hTest, SymlinkPolicy_T enmSymlinkPolicy)
+{
+    VBOXHGCMSVCFNTABLE  svcTable;
+    VBOXHGCMSVCHELPERS  svcHelpers;
+    SHFLROOT Root;
+    const RTFILE hFile = (RTFILE) 0x10000;
+    SHFLCREATERESULT Result;
+    int rc;
+
+    Root = initWithWritableMapping(hTest, &svcTable, &svcHelpers,
+                                   "/test/mapping", "testname",
+                                   true, enmSymlinkPolicy);
+    g_testRTFileOpen_hFile = hFile;
+    rc = createFile(&svcTable, Root, "file", SHFL_CF_ACCESS_READ, NULL, &Result);
+    RTTEST_CHECK_RC_OK(hTest, rc);
+    RTTEST_CHECK_MSG(hTest,
+                     !strcmp(&g_testRTFileOpen_szName[RTPATH_STYLE == RTPATH_STR_F_STYLE_DOS ? 2 : 0],
+                             "/test/mapping/file"),
+                     (hTest, "pszFilename=%s\n", &g_testRTFileOpen_szName[RTPATH_STYLE == RTPATH_STR_F_STYLE_DOS ? 2 : 0]));
+    RTTEST_CHECK_MSG(hTest, g_testRTFileOpen_fOpen == 0x181,
+                     (hTest, "fOpen=%llu\n", LLUIFY(g_testRTFileOpen_fOpen)));
+    RTTEST_CHECK_MSG(hTest, Result == SHFL_FILE_CREATED,
+                     (hTest, "Result=%d\n", (int)Result));
+
+    /* regular symlink creation should succeed unless no symlinks allowed */
+    rc = createSymlink(&svcTable, Root, "file", "symlink");
+    if (enmSymlinkPolicy == SymlinkPolicy_Forbidden)
+        RTTEST_CHECK_MSG(hTest, rc == VERR_WRITE_PROTECT,
+                         (hTest, "enmSymlinkPolicy=SymlinkPolicy_Forbidden 'ln -s file symlink' failed: rc=%Rrc\n", rc));
+    else
+        RTTEST_CHECK_RC_OK(hTest, rc);
+
+    /* absolute path to symlink sources only allowed for the 'any' policy */
+    rc = createSymlink(&svcTable, Root, "/path/to/file", "abs-symlink");
+    if (enmSymlinkPolicy == SymlinkPolicy_AllowedToAnyTarget)
+        RTTEST_CHECK_RC_OK(hTest, rc);
+    else
+        RTTEST_CHECK_MSG(hTest, rc == VERR_WRITE_PROTECT,
+                         (hTest, "enmSymlinkPolicy=%d 'ln -s file /absolute/path/symlink' failed: rc=%Rrc\n",
+                         enmSymlinkPolicy, rc));
+
+    /* relative path symlink sources with '..' components allowed only with 'relative' policy */
+    rc = createSymlink(&svcTable, Root, "./directory/../file", "rel-symlink");
+    if (   enmSymlinkPolicy == SymlinkPolicy_Forbidden
+        || enmSymlinkPolicy == SymlinkPolicy_AllowedInShareSubtree)
+        RTTEST_CHECK_MSG(hTest, rc == VERR_WRITE_PROTECT,
+                         (hTest, "enmSymlinkPolicy=%d 'ln -s ./path/../symlink' failed: rc=%Rrc\n",
+                         enmSymlinkPolicy, rc));
+    else
+        RTTEST_CHECK_RC_OK(hTest, rc);
+
+    /* relative path symlink source with no '..' components always OK */
+    rc = createSymlink(&svcTable, Root, "./directory/file", "dotslash-symlink");
+    if (enmSymlinkPolicy == SymlinkPolicy_Forbidden)
+        RTTEST_CHECK_MSG(hTest, rc == VERR_WRITE_PROTECT,
+                         (hTest, "enmSymlinkPolicy=%d 'ln -s ./path/../symlink' failed: rc=%Rrc\n",
+                         enmSymlinkPolicy, rc));
+    else
+        RTTEST_CHECK_RC_OK(hTest, rc);
+
+    unmapAndRemoveMapping(hTest, &svcTable, Root, "testname");
+    rc = svcTable.pfnDisconnect(NULL, 0, svcTable.pvService);
+    AssertReleaseRC(rc);
+    rc = svcTable.pfnUnload(NULL);
+    AssertReleaseRC(rc);
+    RTTestGuardedFree(hTest, svcTable.pvService);
+    RTTEST_CHECK_MSG(hTest, g_testRTFileClose_hFile == hFile,
+                     (hTest, "File=%u\n", (uintptr_t)g_testRTFileClose_hFile));
+
+    return rc;
+}
+
+void testSymlinkCreation(RTTEST hTest)
+{
+    SymlinkPolicy_T aEnmSymlinkPolicy[4] = {
+        SymlinkPolicy_AllowedToAnyTarget,
+        SymlinkPolicy_AllowedInShareSubtree,
+        SymlinkPolicy_AllowedToRelativeTargets,
+        SymlinkPolicy_Forbidden
+    };
+
+    RTTestSub(hTest, "Create variety of symlinks with different symlink policies");
+    for (size_t i = 0; i < RT_ELEMENTS(aEnmSymlinkPolicy); i++)
+        testSymlinkCreationForSpecificPolicy(hTest, aEnmSymlinkPolicy[i]);
+}
+
 void testReadFileSimple(RTTEST hTest)
 {

trunk/src/VBox/HostServices/SharedFolders/testcase/tstSharedFolderService.h

@@ -123 +123 @@
 /* Sub-tests for testSymlink(). */
 void testSymlinkBadParameters(RTTEST hTest);
+void testSymlinkCreation(RTTEST hTest);
 
 void testMappingsAdd(RTTEST hTest);

trunk/src/VBox/HostServices/SharedFolders/teststubs.h

@@ -101 +101 @@
 #define RTSymlinkRead        testRTSymlinkRead
 extern int testRTSymlinkRead(const char *pszSymlink, char *pszTarget, size_t cbTarget, uint32_t fRead);
+#define RTSymlinkCreate      testRTSymlinkCreate
+extern int testRTSymlinkCreate(const char *pszSymlink, const char *pszTarget, RTSYMLINKTYPE enmType, uint32_t fCreate);
 
 #endif /* !VBOX_INCLUDED_SRC_SharedFolders_teststubs_h */

trunk/src/VBox/HostServices/SharedFolders/vbsf.cpp

@@ -256 +256 @@
     uint32_t fu32PathFlags = 0;
     uint32_t fu32Options =   VBSF_O_PATH_CHECK_ROOT_ESCAPE
-                           | (fWildCard? VBSF_O_PATH_WILDCARD: 0)
-                           | (fPreserveLastComponent? VBSF_O_PATH_PRESERVE_LAST_COMPONENT: 0);
+                           | (fWildCard ? VBSF_O_PATH_WILDCARD : 0)
+                           | (fPreserveLastComponent ? VBSF_O_PATH_PRESERVE_LAST_COMPONENT : 0);
 
     int rc = vbsfPathGuestToHost(pClient, root, pPath, cbPath,
@@ -2598 +2598 @@
     testSymlinkBadParameters(hTest);
     /* Add tests as required... */
-}
-#endif
-int vbsfSymlink(SHFLCLIENTDATA *pClient, SHFLROOT root, SHFLSTRING *pNewPath, SHFLSTRING *pOldPath, SHFLFSOBJINFO *pInfo)
+    testSymlinkCreation(hTest);
+}
+#endif
+
+int vbsfSymlink(SHFLCLIENTDATA *pClient, SHFLROOT root, SHFLSTRING *pSymlinkPath, SHFLSTRING *pSourcePath, SHFLFSOBJINFO *pInfo)
 {
     int rc = VINF_SUCCESS;
 
-    char *pszFullNewPath = NULL;
-    char *pszFullOldPath = NULL;
+    char *pszFullSymlinkPath = NULL;
+    char *pszFullSourcePath = NULL;
 
     /* XXX: no support for UCS2 at the moment. */
@@ -2617 +2619 @@
         return VERR_WRITE_PROTECT; /* XXX or VERR_TOO_MANY_SYMLINKS? */
 
-    rc = vbsfBuildFullPath(pClient, root, pNewPath, pNewPath->u16Size + SHFLSTRING_HEADER_SIZE, &pszFullNewPath, NULL);
-    AssertRCReturn(rc, rc);
-
-    /* Verify that the link target can be a valid host path, i.e. does not contain invalid characters. */
+    rc = vbsfBuildFullPath(pClient, root, pSymlinkPath, pSymlinkPath->u16Size + SHFLSTRING_HEADER_SIZE, &pszFullSymlinkPath,
+                           NULL);
+    if (RT_FAILURE(rc))
+        return rc;
+
+    /*
+     * The symbolic link source path may be located outside of the shared folder so thus
+     * we don't call vbsfBuildFullPath() which includes VBSF_O_PATH_CHECK_ROOT_ESCAPE to
+     * verify that the pathname resides within the shared folder.  Instead we call the
+     * heart of vbsfBuildFullPath() which is vbsfPathGuestToHost() to perform a subset
+     * of its checks to verify that the symbolic link source is a valid path by checking
+     * for invalid characters, replacing path delimiters if the guest uses a different
+     * slash than the host, and evaluating the symbolic link policy if one has been set.
+     * We don't collapse path components of '..' for example or alter the path otherwise
+     * as this is the documented behavior of symbolic links: the source pathname can be
+     * any pathname and isn't required to exist.
+     */
     uint32_t fu32PathFlags = 0;
-    uint32_t fu32Options = 0;
-    rc = vbsfPathGuestToHost(pClient, root, pOldPath, pOldPath->u16Size + SHFLSTRING_HEADER_SIZE,
-                             &pszFullOldPath, NULL, fu32Options, &fu32PathFlags);
+    uint32_t fu32Options = VBSF_O_PATH_CHECK_SYMLINK_POLICY;
+    rc = vbsfPathGuestToHost(pClient, root, pSourcePath, pSourcePath->u16Size + SHFLSTRING_HEADER_SIZE,
+                             &pszFullSourcePath, NULL, fu32Options, &fu32PathFlags);
     if (RT_FAILURE(rc))
     {
-        vbsfFreeFullPath(pszFullNewPath);
+        vbsfFreeFullPath(pszFullSymlinkPath);
         return rc;
     }
 
-    /** @todo r=bird: We _must_ perform slash conversion on the target (what this
-     *        code calls 'pOldPath' for some peculiar reason)! */
-
-    rc = RTSymlinkCreate(pszFullNewPath, (const char *)pOldPath->String.utf8,
-                         RTSYMLINKTYPE_UNKNOWN, 0);
+    rc = RTSymlinkCreate(pszFullSymlinkPath, pszFullSourcePath, RTSYMLINKTYPE_UNKNOWN, 0);
     if (RT_SUCCESS(rc))
     {
         RTFSOBJINFO info;
-        rc = RTPathQueryInfoEx(pszFullNewPath, &info, RTFSOBJATTRADD_NOTHING, RTPATH_F_ON_LINK);
+        rc = RTPathQueryInfoEx(pszFullSymlinkPath, &info, RTFSOBJATTRADD_NOTHING, RTPATH_F_ON_LINK);
         if (RT_SUCCESS(rc))
             vbfsCopyFsObjInfoFromIprt(pInfo, &info);
     }
 
-    vbsfFreeFullPath(pszFullOldPath);
-    vbsfFreeFullPath(pszFullNewPath);
+    vbsfFreeFullPath(pszFullSourcePath);
+    vbsfFreeFullPath(pszFullSymlinkPath);
 
     return rc;

trunk/src/VBox/HostServices/SharedFolders/vbsfpath.cpp

@@ -438 +438 @@
 }
 
+/**
+ * Validate the symbolic link creation policy inside a guest operating in a shared folder.
+ *
+ * @returns S_OK or VERR_WRITE_PROTECT.
+ * @param pchSymlinkPath    The pathname of the symbolic link within the guest.
+ * @param enmSymlinkPolicy  The symbolic link creation policy being evaluated.
+ *
+ * The enmSymlinkPolicy symlink creation policies are:
+ *  - @a none:       no policy set
+ *  - @a any:        no restrictions
+ *  - @a forbidden:  no symlinks allowed
+ *  - @a relative:   relative paths only ('..' path components allowed)
+ *  - @a subtree:    relative paths only within the shared folder (no '..' path components allowed)
+ */
+static int vbsfPathEvalSymlinkPolicy(const char *pchSymlinkPath, SymlinkPolicy_T enmSymlinkPolicy)
+{
+    /* If no symlink policy has been set we continue the historical behaviour of applying no
+     * additional restrictions.  The "any" policy also has no symlink path limitations. */
+    if (   enmSymlinkPolicy == SymlinkPolicy_None
+        || enmSymlinkPolicy == SymlinkPolicy_AllowedToAnyTarget)
+        return S_OK;
+
+    /* No absolute paths allowed except for the "any" policy.  The symlink path can't
+     * contain '..' components if the "subtree" policy in effect. */
+    if (   RTPathStartsWithRoot(pchSymlinkPath)
+        || enmSymlinkPolicy == SymlinkPolicy_Forbidden
+        || (   enmSymlinkPolicy == SymlinkPolicy_AllowedInShareSubtree
+            && RTStrStr(pchSymlinkPath, "..")))
+        return VERR_WRITE_PROTECT;
+
+    return S_OK;
+}
+
 int vbsfPathGuestToHost(SHFLCLIENTDATA *pClient, SHFLROOT hRoot,
                         PCSHFLSTRING pGuestString, uint32_t cbGuestString,
@@ -565 +598 @@
                 const char *pchSrc = pchGuestPath;
 
-                /* Strip leading delimiters from the path the guest specified. */
-                while (   cbSrc > 0
-                       && *pchSrc == pClient->PathDelimiter)
-                {
-                    ++pchSrc;
-                    --cbSrc;
+                /* when validating source file pathnames for symbolic links we don't modify the path */
+                if (!(fu32Options & VBSF_O_PATH_CHECK_SYMLINK_POLICY))
+                {
+                    /* Strip leading delimiters from the path the guest specified. */
+                    while (   cbSrc > 0
+                           && *pchSrc == pClient->PathDelimiter)
+                    {
+                        ++pchSrc;
+                        --cbSrc;
+                    }
                 }
 
@@ -615 +652 @@
                     *pchDst++ = 0;
 
-                    /* Construct the full host path removing '.' and '..'. */
-                    rc = vbsfPathAbs(pszRoot, pchVerifiedPath, pszFullPath, cbFullPathAlloc);
+                    /* check if a symbolic link creation policy has been set */
+                    if (fu32Options & VBSF_O_PATH_CHECK_SYMLINK_POLICY)
+                    {
+                        /* copy the verified symlink source file path to be returned to the caller */
+                        rc = RTStrCopy(pszFullPath, cbFullPathAlloc, pchVerifiedPath);
+                        if (RT_SUCCESS(rc))
+                        {
+                            SymlinkPolicy_T enmSymlinkPolicy;
+                            rc = vbsfMappingsQuerySymlinkPolicy(pClient, hRoot, &enmSymlinkPolicy);
+                            if (RT_SUCCESS(rc))
+                                rc = vbsfPathEvalSymlinkPolicy(pchVerifiedPath, enmSymlinkPolicy);
+                        }
+                    }
+                    else
+                    {
+                        /* Construct the full host path removing '.' and '..'. */
+                        rc = vbsfPathAbs(pszRoot, pchVerifiedPath, pszFullPath, cbFullPathAlloc);
+                    }
                     if (RT_SUCCESS(rc))
                     {
@@ -667 +720 @@
                     else
                     {
-                        LogFunc(("vbsfPathAbs %Rrc\n", rc));
+                        if (fu32Options & VBSF_O_PATH_CHECK_SYMLINK_POLICY)
+                            LogFunc(("vbsfPathEvalSymlinkPolicy() returns rc=%Rrc\n", rc));
+                        else
+                            LogFunc(("vbsfPathAbs %Rrc\n", rc));
                     }
                 }

trunk/src/VBox/HostServices/SharedFolders/vbsfpath.h

@@ -38 +38 @@
 #define VBSF_O_PATH_PRESERVE_LAST_COMPONENT UINT32_C(0x00000002)
 #define VBSF_O_PATH_CHECK_ROOT_ESCAPE       UINT32_C(0x00000004)
+#define VBSF_O_PATH_CHECK_SYMLINK_POLICY    UINT32_C(0x00000008)
 
 #define VBSF_F_PATH_HAS_WILDCARD_IN_PREFIX UINT32_C(0x00000001) /* A component before the last one contains a wildcard. */

trunk/src/VBox/Main/idl/VirtualBox.xidl

@@ -657 +657 @@
       <desc>Settings version "1.20", written by VirtualBox 7.1.x.</desc>
       <!--
-          Adds VM platform support: Non-platform-specific
-          settings were moved to the new Platform element, which now contains
-          the platform architecture for this VM. x86-specific
-          settings were moved from Machine to a new, dedicated Platform/x86 element.
-          BIOSSettings were renamed to FirmwareSettings. ARM-specific settings
-          were added to a new, dedicated Platform/ARM element. This settings
-          version only will be written if the ARM platform architecture is being
-          selected. Only affects the machine settings (not main configuration
-          settings).
+        - Machine changes:
+          + Adds VM platform support: Non-platform-specific
+            settings were moved to the new Platform element, which now contains
+            the platform architecture for this VM. x86-specific
+            settings were moved from Machine to a new, dedicated Platform/x86 element.
+            BIOSSettings were renamed to FirmwareSettings. ARM-specific settings
+            were added to a new, dedicated Platform/ARM element. This settings
+            version only will be written if the ARM platform architecture is being
+            selected. Only affects the machine settings (not main configuration
+            settings).
+          + Adds support for Shared Folder symbolic link configuration. (Machine
+            settings only).
       -->
     </const>
@@ -24429 +24432 @@
   <interface
     name="ISharedFolder" extends="$unknown"
-    uuid="9622225a-5409-414b-bd16-77df7ba3451e"
+    uuid="0b108b8c-62e0-4e06-9dfa-2f1a2ad70774"
     wsmap="managed"
     rest="managed"
@@ -24540 +24543 @@
         failure and should normally describe a reason of the failure (for
         example, a file read error).
+      </desc>
+    </attribute>
+
+    <attribute name="symlinkPolicy" type="SymlinkPolicy">
+      <desc>
+        The security policy for allowing guest VMs to create symbolic links
+        within a Shared Folder.
       </desc>
     </attribute>
@@ -30205 +30215 @@
 </enum>
 
+  <enum
+    name="SymlinkPolicy"
+    uuid="a818472e-215d-4279-8af8-eac4c0517bcc"
+    >
+    <desc>Shared Folder Symbolic Link Security Policies</desc>
+    <const name="None"                       value="0">
+      <desc>No symlink policy set (never used by the API).</desc>
+    </const>
+    <const name="Forbidden"                  value="1">
+      <desc>Users in the guest VM are not able to create symbolic links inside the Shared Folder.</desc>
+    </const>
+    <const name="AllowedInShareSubtree"      value="2">
+      <desc>Users in the guest VM are allowed to create symbolic links within the Shared Folder so long
+          as the target remains in the Shared Folder or within the subtree of the Shared Folder.
+      </desc>
+    </const>
+    <const name="AllowedToRelativeTargets"   value="3">
+      <desc>Users in the guest VM are allowed to create symbolic links within the Shared Folder to
+          targets within the Shared Folder and its subtree as well as to relative targets (../) outside of
+          the Shared Folder.
+      </desc>
+    </const>
+    <const name="AllowedToAnyTarget"         value="4">
+      <desc>Users in the guest VM are allowed to create symbolic links within the Shared Folder and
+          its subtree as well as to other targets via either relative pathnames or absolute pathnames.
+      </desc>
+    </const>
+</enum>
 
   <interface name="ICloudNetworkGatewayInfo" extends="$unknown"

trunk/src/VBox/Main/include/ConsoleSharedFolderImpl.h

@@ -89 +89 @@
     const Utf8Str &i_getAutoMountPoint() const;
 
+    /**
+     * Public internal method for getting the symlink policy.
+     */
+    const SymlinkPolicy_T i_getSymlinkPolicy() const;
+
 protected:
 
@@ -100 +105 @@
 private:
 
-    // wrapped ISharedFolder properies.
+    // wrapped ISharedFolder properties.
     HRESULT getName(com::Utf8Str &aName);
     HRESULT getHostPath(com::Utf8Str &aHostPath);
@@ -111 +116 @@
     HRESULT setAutoMountPoint(com::Utf8Str const &aAutoMountPoint);
     HRESULT getLastAccessError(com::Utf8Str &aLastAccessError);
+    HRESULT getSymlinkPolicy(SymlinkPolicy_T *aSymlinkPolicy);
+    HRESULT setSymlinkPolicy(SymlinkPolicy_T aSymlinkPolicy);
 
     VirtualBoxBase * const mParent;

trunk/src/VBox/Main/include/MachineImpl.h

@@ -911 +911 @@
     friend class RecordingScreenSettings;
     friend class SessionMachine;
+    friend class SharedFolder;
     friend class SnapshotMachine;
     friend class VirtualBox;

trunk/src/VBox/Main/include/SharedFolderImpl.h

@@ -49 +49 @@
     // public initializer/uninitializer for internal purposes only
     HRESULT init(Machine *aMachine, const com::Utf8Str &aName, const com::Utf8Str &aHostPath,
-                 bool aWritable, bool aAutoMount, const com::Utf8Str &aAutoMountPoint, bool fFailOnError);
+                 bool aWritable, bool aAutoMount, const com::Utf8Str &aAutoMountPoint, bool fFailOnError,
+                 SymlinkPolicy_T enmSymlinkPolicy);
     HRESULT initCopy(Machine *aMachine, SharedFolder *aThat);
 //    HRESULT init(Console *aConsole, const com::Utf8Str &aName, const com::Utf8Str &aHostPath,
@@ -89 +90 @@
     const Utf8Str &i_getAutoMountPoint() const;
 
+    /**
+     * Public internal method for getting the symlink policy.
+     */
+    const SymlinkPolicy_T i_getSymlinkPolicy() const;
+
 protected:
 
@@ -97 +103 @@
                             bool aAutoMount,
                             const com::Utf8Str &aAutoMountPoint,
-                            bool fFailOnError);
+                            bool fFailOnError,
+                            SymlinkPolicy_T enmSymlinkPolicy);
 private:
 
-    // wrapped ISharedFolder properies.
+    // wrapped ISharedFolder properties.
     HRESULT getName(com::Utf8Str &aName);
     HRESULT getHostPath(com::Utf8Str &aHostPath);
@@ -111 +118 @@
     HRESULT setAutoMountPoint(com::Utf8Str const &aAutoMountPoint);
     HRESULT getLastAccessError(com::Utf8Str &aLastAccessError);
+    HRESULT getSymlinkPolicy(SymlinkPolicy_T *aSymlinkPolicy);
+    HRESULT setSymlinkPolicy(SymlinkPolicy_T aSymlinkPolicy);
 
     VirtualBoxBase * const mParent;

trunk/src/VBox/Main/src-all/ConsoleSharedFolderImpl.cpp

@@ -44 +44 @@
     Data()
     : fWritable(false),
-      fAutoMount(false)
+      fAutoMount(false),
+      enmSymlinkPolicy(SymlinkPolicy_None)
     { }
 
@@ -53 +54 @@
     const Utf8Str   strAutoMountPoint;
     Utf8Str         strLastAccessError;
+    SymlinkPolicy_T enmSymlinkPolicy;
 };
 
@@ -305 +307 @@
 }
 
+HRESULT ConsoleSharedFolder::getSymlinkPolicy(SymlinkPolicy_T *aSymlinkPolicy)
+{
+    AutoReadLock alock(this COMMA_LOCKVAL_SRC_POS);
+    *aSymlinkPolicy = m->enmSymlinkPolicy;
+    return S_OK;
+}
+
+HRESULT ConsoleSharedFolder::setSymlinkPolicy(SymlinkPolicy_T aSymlinkPolicy)
+{
+    RT_NOREF(aSymlinkPolicy);
+    return E_NOTIMPL;
+}
 
 const Utf8Str& ConsoleSharedFolder::i_getName() const
@@ -331 +345 @@
 }
 
+const SymlinkPolicy_T ConsoleSharedFolder::i_getSymlinkPolicy() const
+{
+    return m->enmSymlinkPolicy;
+}
+
 /* vi: set tabstop=4 shiftwidth=4 expandtab: */

trunk/src/VBox/Main/src-all/SharedFolderImpl.cpp

@@ -46 +46 @@
     Data()
     : fWritable(false),
-      fAutoMount(false)
+      fAutoMount(false),
+      enmSymlinkPolicy(SymlinkPolicy_None)
     { }
 
@@ -55 +56 @@
     const Utf8Str   strAutoMountPoint;
     Utf8Str         strLastAccessError;
+    SymlinkPolicy_T enmSymlinkPolicy;
 };
 
@@ -109 +111 @@
                            bool aAutoMount,
                            const Utf8Str &aAutoMountPoint,
-                           bool fFailOnError)
+                           bool fFailOnError,
+                           SymlinkPolicy_T enmSymlinkPolicy)
 {
     /* Enclose the state transition NotReady->InInit->Ready */
@@ -117 +120 @@
     unconst(mMachine) = aMachine;
 
-    HRESULT hrc = i_protectedInit(aMachine, aName, aHostPath, aWritable, aAutoMount, aAutoMountPoint, fFailOnError);
+    HRESULT hrc = i_protectedInit(aMachine, aName, aHostPath, aWritable, aAutoMount, aAutoMountPoint, fFailOnError,
+                                  enmSymlinkPolicy);
 
     /* Confirm a successful initialization when it's the case */
@@ -152 +156 @@
                                   aThat->m->fAutoMount,
                                   aThat->m->strAutoMountPoint,
-                                  false /* fFailOnError */ );
+                                  false /* fFailOnError */,
+                                  aThat->m->enmSymlinkPolicy);
 
     /* Confirm a successful initialization when it's the case */
@@ -214 +219 @@
                                       bool aAutoMount,
                                       const Utf8Str &aAutoMountPoint,
-                                      bool fFailOnError)
-{
-    LogFlowThisFunc(("aName={%s}, aHostPath={%s}, aWritable={%d}, aAutoMount={%d}\n",
-                      aName.c_str(), aHostPath.c_str(), aWritable, aAutoMount));
+                                      bool fFailOnError,
+                                      SymlinkPolicy_T enmSymlinkPolicy)
+{
+    LogFlowThisFunc(("aName={%s}, aHostPath={%s}, aWritable={%d}, aAutoMount={%d} enmSymlinkPolicy={%d}\n",
+                      aName.c_str(), aHostPath.c_str(), aWritable, aAutoMount, enmSymlinkPolicy));
 
     ComAssertRet(aParent && aName.isNotEmpty() && aHostPath.isNotEmpty(), E_INVALIDARG);
@@ -271 +277 @@
     m->fAutoMount = aAutoMount;
     unconst(m->strAutoMountPoint) = aAutoMountPoint;
+    m->enmSymlinkPolicy = enmSymlinkPolicy;
 
     return S_OK;
@@ -385 +392 @@
 }
 
+HRESULT SharedFolder::getSymlinkPolicy(SymlinkPolicy_T *aSymlinkPolicy)
+{
+    AutoReadLock alock(this COMMA_LOCKVAL_SRC_POS);
+    *aSymlinkPolicy = m->enmSymlinkPolicy;
+    return S_OK;
+}
+
+HRESULT SharedFolder::setSymlinkPolicy(SymlinkPolicy_T aSymlinkPolicy)
+{
+    switch (aSymlinkPolicy)
+    {
+        case SymlinkPolicy_AllowedToAnyTarget:
+        case SymlinkPolicy_AllowedInShareSubtree:
+        case SymlinkPolicy_AllowedToRelativeTargets:
+        case SymlinkPolicy_Forbidden:
+            break;
+        default:
+            return setError(E_INVALIDARG, tr("The symbolic link policy specified (%d) is invalid."), aSymlinkPolicy);
+    }
+
+    AutoWriteLock alock(this COMMA_LOCKVAL_SRC_POS);
+    m->enmSymlinkPolicy = aSymlinkPolicy;
+    return S_OK;
+}
 
 const Utf8Str& SharedFolder::i_getName() const
@@ -411 +442 @@
 }
 
+const SymlinkPolicy_T SharedFolder::i_getSymlinkPolicy() const
+{
+    return m->enmSymlinkPolicy;
+}
+
 /* vi: set tabstop=4 shiftwidth=4 expandtab: */

trunk/src/VBox/Main/src-client/ConsoleImpl.cpp

@@ -9541 +9541 @@
                       | (fMissing           ? SHFL_ADD_MAPPING_F_MISSING : 0));
         SHFLSTRING_TO_HGMC_PARAM(&aParams[3], pAutoMountPoint);
-        AssertCompile(SHFL_CPARMS_ADD_MAPPING == 4);
+        HGCMSvcSetU32(&aParams[4], SymlinkPolicy_None);
+        AssertCompile(SHFL_CPARMS_ADD_MAPPING == 5);
 
         vrc = m_pVMMDev->hgcmHostCall("VBoxSharedFolders", SHFL_FN_ADD_MAPPING, SHFL_CPARMS_ADD_MAPPING, aParams);

trunk/src/VBox/Main/src-server/MachineImpl.cpp

@@ -5032 +5032 @@
                         aName.c_str());
 
+    SymlinkPolicy_T enmSymlinkPolicy = SymlinkPolicy_None;
     sharedFolder.createObject();
     hrc = sharedFolder->init(i_getMachine(),
@@ -5039 +5040 @@
                              !!aAutomount,
                              aAutoMountPoint,
-                             true /* fFailOnError */);
+                             true /* fFailOnError */,
+                             enmSymlinkPolicy);
     if (FAILED(hrc)) return hrc;
 
@@ -8818 +8820 @@
                                      RT_BOOL(sf.fAutoMount),
                                      sf.strAutoMountPoint,
-                                     false /* fFailOnError */);
+                                     false /* fFailOnError */,
+                                     sf.enmSymlinkPolicy);
             if (FAILED(hrc)) return hrc;
             mHWData->mSharedFolders.push_back(sharedFolder);
@@ -10193 +10196 @@
             sf.fAutoMount = !!pSF->i_isAutoMounted();
             sf.strAutoMountPoint = pSF->i_getAutoMountPoint();
+            sf.enmSymlinkPolicy = pSF->i_getSymlinkPolicy();
 
             data.llSharedFolders.push_back(sf);

trunk/src/VBox/Main/xml/Settings.cpp

@@ -3793 +3793 @@
 SharedFolder::SharedFolder() :
     fWritable(false),
-    fAutoMount(false)
+    fAutoMount(false),
+    enmSymlinkPolicy(SymlinkPolicy_None)
 {
 }
@@ -3809 +3810 @@
             && fWritable         == g.fWritable
             && fAutoMount        == g.fAutoMount
-            && strAutoMountPoint == g.strAutoMountPoint);
+            && strAutoMountPoint == g.strAutoMountPoint
+            && enmSymlinkPolicy  == g.enmSymlinkPolicy);
 }
 
@@ -5992 +5994 @@
                 pelmFolder->getAttributeValue("autoMount", sf.fAutoMount);
                 pelmFolder->getAttributeValue("autoMountPoint", sf.strAutoMountPoint);
+
+                Utf8Str strTemp;
+                if (pelmFolder->getAttributeValue("symlinkPolicy", strTemp))
+                {
+                    if (strTemp == "forbidden")
+                        sf.enmSymlinkPolicy = SymlinkPolicy_Forbidden;
+                    else if (strTemp == "subtree")
+                        sf.enmSymlinkPolicy = SymlinkPolicy_AllowedInShareSubtree;
+                    else if (strTemp == "relative")
+                        sf.enmSymlinkPolicy = SymlinkPolicy_AllowedToRelativeTargets;
+                    else if (strTemp == "any")
+                        sf.enmSymlinkPolicy = SymlinkPolicy_AllowedToAnyTarget;
+                    else
+                        throw ConfigFileError(this,
+                                              pelmHwChild,
+                                              N_("Invalid value '%s' in SharedFolder/@symlinkPolicy attribute"),
+                                              strTemp.c_str());
+                }
                 hw.llSharedFolders.push_back(sf);
             }
@@ -8309 +8329 @@
             if (sf.strAutoMountPoint.isNotEmpty())
                 pelmThis->setAttribute("autoMountPoint", sf.strAutoMountPoint);
+            const char *pcszSymlinkPolicy;
+            if (sf.enmSymlinkPolicy != SymlinkPolicy_None)
+            {
+                switch (sf.enmSymlinkPolicy)
+                {
+                    default: /*case SymlinkPolicy_Forbidden:*/    pcszSymlinkPolicy = "forbidden";  break;
+                    case SymlinkPolicy_AllowedInShareSubtree:     pcszSymlinkPolicy = "subtree";    break;
+                    case SymlinkPolicy_AllowedToRelativeTargets:  pcszSymlinkPolicy = "relative";   break;
+                    case SymlinkPolicy_AllowedToAnyTarget:        pcszSymlinkPolicy = "any";        break;
+                }
+                pelmThis->setAttribute("symlinkPolicy", pcszSymlinkPolicy);
+            }
         }
     }
@@ -9531 +9563 @@
             return;
         }
+
+        // VirtualBox 7.1 (settings v1.20) adds support for customizable control over Shared Folders symlink creation.
+        if (hardwareMachine.llSharedFolders.size())
+        {
+            for (SharedFoldersList::const_iterator it = hardwareMachine.llSharedFolders.begin();
+                 it != hardwareMachine.llSharedFolders.end();
+                 ++it)
+            {
+                if (it->enmSymlinkPolicy != SymlinkPolicy_None)
+                {
+                    m->sv = SettingsVersion_v1_20;
+                    return;
+                }
+            }
+        }
     }
 

trunk/src/VBox/Main/xml/VirtualBox-settings.xsd

@@ -301 +301 @@
     <xsd:enumeration value="VBoxSVGA"/>
     <xsd:enumeration value="QemuRamFB"/>
+  </xsd:restriction>
+</xsd:simpleType>
+
+<xsd:simpleType name="TSymlinkPolicy"> <!-- new since v1.20. -->
+  <xsd:restriction base="xsd:token">
+    <xsd:enumeration value="forbidden"/>
+    <xsd:enumeration value="subtree"/>
+    <xsd:enumeration value="relative"/>
+    <xsd:enumeration value="any"/>
   </xsd:restriction>
 </xsd:simpleType>
@@ -1305 +1314 @@
   <xsd:attribute name="autoMount" type="xsd:boolean" default="false"/>
   <xsd:attribute name="autoMountPoint" type="xsd:string"/>
+  <xsd:attribute name="symlinkPolicy" type="TSymlinkPolicy" default="forbidden"/> <!-- new since v1.20. -->
 </xsd:complexType>