Chromium browsers in Sandboxie can not access microphone

[bill6248]

Describe the bug
chrome、opera in Sandboxie can not access microphone. my hardware is OK, since chrome\opera outside the sandboxie can use microphone successfully and wechat in sandboxie can access microphone.

version
Sandboxie-Plus-x64-v0.9.5.exe
Sandboxie-Classic-x64-v5.51.5.exe

System details and installed software (please provide the following information):

• win 10

[isaak654]

I have the same issue with Ms Edge and this site that triggers the microphone permission popup. If you allow it outside of the sandbox, the mic test will be allowed correctly, but not inside a clean sandbox.

I've tried OpenDevCMApi=y, but it didn't work.

[bill6248]

I have the same issue with Ms Edge and this site that triggers the microphone permission popup. If you allow it outside of the sandbox, the mic test will be allowed correctly, but not inside a clean sandbox.

I've tried OpenDevCMApi=y, but it didn't work.

i agree with you. OpenDevCMApi did not work

[MancioDellaVega]

Describe the bug chrome、opera in Sandboxie can not access microphone. my hardware is OK, since chrome\opera outside the sandboxie can use microphone successfully and wechat in sandboxie can access microphone.

version Sandboxie-Plus-x64-v0.9.5.exe Sandboxie-Classic-x64-v5.51.5.exe

System details and installed software (please provide the following information):

• win 10

I have the same issue, for resolve it i use this comman line to load the sandbox...
C:\Program Files\Sandboxie-Plus\Start.exe Chrome.exe --no-sandbox

i don't know if is safe to use it..but seems that works fine..

[KindaNeatdoe]

I have Whatsapp Web and I cannot access webcam and mic, I think it's a chromium based app
Version: Sandboxie Plus v1.0.22
System Details: Running Windows 11
Note: I cannot run 2 instance of whatsapp at same time without the sandbox.
also sorry for the botched up covering

[SoraKagami]

It seems to be possible to get microphone and webcam/camera access inside a sandbox for messaging applications like "Line", Skype (PC build version) etc. but not chrome/chromium.

For some unusual reason Chrome/chromium appears to be doing something different that appears to be incompatible with sandboxie?

Extra info:
Chrome (101.0.4951.54) inside a sandbox can see windows' microphone devices and can switch between them. However when attempting to access a mic using say, the web version of Discord, it'll report "Microphone Access is Denied". Same issue as what KindaNeatdoe and everyone above reported.

Turning on "Allow sandboxed programs to manage Hardware/Devices" (sandboxie-plus) does not appear to fix this.
I wonder if Chrome may be attempting to access the microphone/webcam "Settings" using the UWP system?

Another relevant Sandboxie-Plus test result:
Turning on "Disable Security Isolation" and "Disable Security Filtering" and reducing most (not all) of the sandboxie related protections did not allow chrome to successfully access the microphone.

[SoraKagami]

The need for chromium to be able to access the mic/cam (while sandboxie'd) will only grow and become increasingly relevant and of importance to sandboxie going forward.

Google meet has become widely used by companies (staff-meetings / shareholder-meetings) and individuals, while more and more high profile applications become based on chromium, switches to chromium or embed chromium.

There is also the large number of web applications requiring mic/webcam access which cannot be run while a browser is sandboxie'd, forcing users to disable sandboxie for compatibility while throwing security out the front door.

Is there anything us users of sandboxie can do to help with addressing this issue?

[isaak654]

Is there anything us users of sandboxie can do to help with addressing this issue?

See also:

• Immediately start saving Trace Log to file #2487
• https://youtu.be/4k2XoT7VQuc (for security hardened sandboxes)
• Sandboxie Trace
• Status of known issues and roadmap

In my experience, even a resource that needs to be closed could cause issues. It is possible to fix compatibility issues by opening resources or closing them. But there are also issues which require more than that, for this reason any relevant help would be appreciated.

If a prompt fix is needed, you could try getting in touch with the lead developer (or an external one) and offer a bounty.

[SoraKagami]

@isaak654 Thank you very much for your detailed reply.
Here is a link to my tracelog (private info removed, will delete the link and file once you've downloaded it): https://www.dropbox.com/s/47o0pzvd3ihkze3/Chrome%20Google%20Meet%20Trace%2C%20new%20sandbox%2C%20chrome%20forced%20only.log?dl=1

Update with hopefully useful information:
Turns out I could get mic and webcam access in a sandboxed (default settings, "Standard Isolation Sandbox") chrome for some PC setups, but not all and usually with a manual change inside chrome/Firefox/etc.

To replicate (partially working mic/webcam):

1. Create a default sandbox.
2. Enable the app template "Force Google Chrome to run in this sandbox".
3. Launch Chrome and browse to say, google meets.
4. Start or join a google meet session to see the webcam/mic controls.
5. If it works as is, great! If not, go to 6.
6. Select the triple vertical dots button & go to settings.
7. Change the selected Mic to a "non-default" setting.
8. Change the webcam to another working webcam if possible

What is supposed to happen:
Everything should work as is up to step 5, and that's all we should need to do.

What actually happens (on some systems/setups):
Steps 6 onwards may be required. For some unusual reason the windows "default" selection will bug out inside a sandbox.

What else was tried:
Sandbox as above with the following extras:

1. General Options:

• "Allow to read memory of unsandboxed processes"

2. Advanced Options:

• "Open access to COM infrastructure" -> On
• Isolation off ("Disable Security Isolation" and "Disable Security Filtering" on)
• "Allow sandboxed programs to maange Hardware/Devices"

3. Edit ini to add the following extras or some combination of these extras:

OpenClsid={7AB36653-1796-484B-BDFA-E74F1DB7C1DC}
OpenClsid={96749377-3391-11D2-9EE3-00C04F797396}
OpenClsid={EF411752-3736-4CB4-9C8C-8EF4CCB58EFE}
OpenClsid={3918D75F-0ACB-41F2-B733-92AA15BCECF6}
OpenClsid={96749373-3391-11D2-9EE3-00C04F797396}
OpenClsid={D9F6EE60-58C9-458B-88E1-2F908FD7F87C}
OpenClsid={A910187F-0C7A-45AC-92CC-59EDAFB77B53}
OpenClsid={E77CC89B-7401-4C04-8CED-149DB35ADD04}
OpenClsid={E2B3C97F-6AE1-41AC-817A-F6F92166D7DD}
OpenClsid={4CE576FA-83DC-4F88-951C-9D0782B4E376}
OpenClsid={6C3EE638-B588-4D7D-B30A-E7E36759305D}
OpenClsid={228826AF-02E1-4226-A9E0-99A855E455A6}
OpenClsid={3CE74DE4-53D3-4D74-8B83-431B3828BA53}
OpenClsid={A4B544A1-438D-4B41-9325-869523E2D6C7}
OpenClsid={529A9E6B-6587-4F23-AB9E-9C7D683E3C50}
OpenClsid={33C53A50-F456-4884-B049-85FD643ECFED}
OpenClsid={AA509086-5CA9-4C25-8F95-589D3C07B48A}
OpenClsid={C223AC50-9756-4D87-878F-12F7E8160D44}
OpenClsid={38E441FB-3D16-422F-8750-B2DACEC5CEFC}
OpenClsid={8BC3F05E-D86B-11D0-A075-00C04FB68820}
OpenClsid={BCDE0395-E52F-467C-8E3D-C4579291692E}
OpenIpcPath=*\BaseNamedObjects*\__ComCatalogCache__
OpenIpcPath=\RPC Control\AudioClientRpc
OpenDevCMApi=y
OpenIpcPath=*
OpenWinClass=*
OpenIpcPath=\Device\*
OpenKeyPath=HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\MMDevices\*

The following extra system-specific settings were also attempted and failed (for nVidia Broadcast and EpocCam webcam):

OpenIpcPath=$:EpocCamService.exe
OpenIpcPath=$:epoccamtray.exe
OpenIpcPath=C:\Program Files\NVIDIA Corporation\NVIDIA Broadcast\*

Discord:
Desktop app sandboxed works fine.
Web Discord in chrome exhibits similar mic/webcam issues and may work with a manual selection of mic/webcam.

[isaak654]

Thank you for your effort and discoveries. If possible, I would suggest to keep your log available for a future comparison.

The thing that bothers me most about this issue is that I just realized that the microphone issue reproduced in this post is not present on a Windows 7 VM (the same one I previously sent to @DavidXanatos for a different issue) and I cannot understand why the mic authorization doesn't seem to work for the sandboxed MS Edge on Windows 10 or later.

Here are the logs & Sandboxie.ini related to the working sandboxed Microsoft Edge on a W7 x64 system:
https://gist.github.com/isaak654/9905060b0936e6b2e051c0c1c2e5e941

[SoraKagami]

@isaak654 Ok I will keep the log there unless someone finds something private inside that should be removed, or until it's no longer needed.

Windows 10: From my research for other software incompatibilities, the windows 10 creator's update made some major updates to the security side of things and broke compatibility for some software until patched (VMWare player for one). My own guess is that this may be related?

Does your mic work in a sandboxed Edge if you change the selection to something other than one marked with "Default" ?

Other relevant info
My current windows is version 21H1 (19043.1165) with the "Windows Feature Experience Pack 120.2212.3530.0".
21H2 onwards may break some of the software that I need so I didn't venture to update beyond 21H1.

The mic issue with chromium is really weird since it appears to work if we manually select the non-default options. Anything assigned as "default" tends to fail (except for the speaker!). Unfortunately this manual selection process can be a bit finicky as I've seen it revert to "default" after being set (sandbox set to not auto delete).

Webcam: For my setup OBS studio works if selected, but EpocCam and nVidia Broadcast won't work inside a sandbox.

[isaak654]

I have the same issue with Ms Edge and this site that triggers the microphone permission popup. If you allow it outside of the sandbox, the mic test will be allowed correctly, but not inside a clean sandbox.

I've tried OpenDevCMApi=y, but it didn't work.

Update: this has been fixed for me with Plus v.1.5.3 x64
(using a clean standard sandbox without OpenDevCMApi=y - Windows 10 21H2 x64).