
Ability to Give Programs Absolute Path #1655

Closed
Naeemh1 opened this issue Feb 27, 2022 · 3 comments
Labels: added in next build (Added in the next Sandboxie version)


Naeemh1 commented Feb 27, 2022

Is your feature request related to a problem or use case?

Yes. I use my browser sandboxed and I have set Office products (Word, Excel, etc.) to run unsandboxed (breakout). When opening a Word document, sometimes I'd rather open it directly and not have it downloaded through Firefox's open option. This causes the file to be stored in some temporary folder inside the sandbox. However, when Firefox launches the document through an unsandboxed MS Word instance, it gives it the relative path (something like \C:\User\Appdata\Local\Temp\Document.docx). This makes sense for a sandboxed app; however, unsandboxed apps will look in that real directory and obviously not find it.

Describe the solution you'd like

Is it possible for the unsandboxed app instance to receive the correct path, as in C:\Sandbox\User\SandboxName\user\current\Appdata...

Describe alternatives you've considered

The most intuitive solution is to run MS Word sandboxed, but I had no luck with getting any MS app to work sandboxed (both Office templates are enabled).

DavidXanatos added the "High priority" (To be done as soon as possible) label Feb 27, 2022
@DavidXanatos
Member

Mmh... it is difficult, but not impossible. Since we do the breakout decision in CreateProcessInternalW, we can at this stage edit the command line if we want. The problem is that the command line is pretty arbitrary; that said, we could employ a reasonably simple heuristic to find any string in the command line that looks like an absolute path, resolve for it the sandboxed location and replace it, if we are handling a breakout process.

I'll look into adding this in one of the upcoming builds.

@Naeemh1
Author

Naeemh1 commented Feb 27, 2022

Would checking if lpCommandLine contains some "\C:\UserName" and replacing that portion (while keeping everything else the same) with the sandbox path ("\C:\Sandbox\User\SandboxName") + path to user (\user\current\) before sending it to the process do the trick?
Assuming that's what lpCommandLine is meant for :). I haven't checked the entire file.

@typpos
Contributor

typpos commented Mar 1, 2022

StartupDirectory may not exist outside the sandbox, and may be relevant for interpreting relative file paths in command line args.

Maybe/please provide an explicit "enable" option if you implement this. "Heuristics" for these edge cases can be confusing.

Possible generalisation: User can create an ordered list of regex & replacement strings (%USERNAME% etc) to match and transform command line args as well as the application executable path, so the user can change the target application and be more selective about when a break-out is invoked. This can be used for any process start, not just break-outs.
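
A sketch of the heuristic discussed in this thread, combined with the explicit opt-in requested above: an added example, not Sandboxie's own code. It assumes narrow `char` strings instead of the wide `lpCommandLine`, handles only the user-profile mapping mentioned in the issue, and the names `PROFILE`, `BOXED`, `boxed_copy_exists` and `rewrite_cmdline` are hypothetical.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample values; real ones would come from the box configuration. */
static const char *PROFILE = "C:\\Users\\User\\";
static const char *BOXED = "C:\\Sandbox\\User\\SandboxName\\user\\current\\";

/* Hypothetical stand-in for "does this file exist inside the box?" (constructed). */
static int boxed_copy_exists(const char *p) {
    return strcmp(p, "C:\\Sandbox\\User\\SandboxName\\user\\current"
                     "\\AppData\\Local\\Temp\\My Doc.docx") == 0;
}

/* Case-insensitive prefix test, since Windows paths ignore case. */
static int has_prefix_ci(const char *s, size_t len, const char *pre) {
    for (size_t i = 0; pre[i]; i++)
        if (i >= len || tolower((unsigned char)s[i]) != tolower((unsigned char)pre[i]))
            return 0;
    return 1;
}

/* Copies cmd to out, replacing each whole argument that is an absolute path under
 * PROFILE with its boxed location, but only when `enabled` is set and the boxed
 * copy exists. Returns the number of rewrites, or -1 if out is too small. */
int rewrite_cmdline(const char *cmd, char *out, size_t cap, int enabled) {
    size_t o = 0, plen = strlen(PROFILE);
    int n = 0;
    if (cap == 0) return -1;
    while (*cmd) {
        int q = (*cmd == '"');                   /* quoted argument? */
        const char *s = cmd + q, *e = s;
        while (*e && *e != (q ? '"' : ' ')) e++;
        /* A lone space is a one-character token; otherwise keep the closing quote. */
        const char *end = (e == cmd) ? cmd + 1 : e + (q && *e == '"');
        size_t len = (size_t)(e - s);
        char cand[512]; int hit = 0, w;
        if (enabled && has_prefix_ci(s, len, PROFILE)) {
            w = snprintf(cand, sizeof cand, "%s%.*s", BOXED, (int)(len - plen), s + plen);
            hit = w > 0 && (size_t)w < sizeof cand && boxed_copy_exists(cand);
        }
        /* Rewritten paths are always quoted; everything else is copied verbatim. */
        w = hit ? snprintf(out + o, cap - o, "\"%s\"", cand)
                : snprintf(out + o, cap - o, "%.*s", (int)(end - cmd), cmd);
        if (w < 0 || (size_t)w >= cap - o) return -1;
        o += (size_t)w; n += hit; cmd = end;
    }
    out[o] = '\0';
    return n;
}
```

Arguments whose boxed copy does not exist are left pointing at the real location, so a path that was never virtualized is not redirected into the box.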

DavidXanatos added the "added in next build" (Added in the next Sandboxie version) label and removed the "High priority" (To be done as soon as possible) label Mar 12, 2022