Adobe Reader X Security Sandbox - adding rules (plugin)
The "Inside Adobe Reader X protected mode" articles briefly mention that the Sandbox should be programmatically configurable (using AddRule()).
Also the Reader X SDK should contain some sample code for adding rules, but I don't see the example anywhere. Searching the whole SDK for terms like "broker", "sandbox" or "addrule" also doesn't find anything.
How to configure the security sandbox to allow writing to a specific location in the registry (under HKCU)?
How to configure the security sandbox to allow writing to a specific directory on the filesystem?
Seems there is no API to do it, at least not yet (which kind of makes sense from a security point of view).
However, it's still possible by using a policy file named ProtectedModeWhitelistConfig.txt. The file should be created in the same directory as AcroRd32.exe. The Acrobat Reader install path can be obtained from the registry: HKLM\Software\Adobe\Acrobat Reader\10.0\InstallPath. If the file already exists, then it would be polite not to overwrite it completely and destroy the changes made by other plugins or the local sysadmin - instead just append our own rules.
Before creating our own custom rules we need to enable the usage of ProtectedModeWhiteListConfig.txt. For that the install script should set/create a new DWORD under HKLM\SOFTWARE\Policies\Adobe\Acrobat\Reader\10.0\FeatureLockDown with the name bUseWhitelistConfigFile and value 1.
Now it will be possible to define custom rules:
- REG_ALLOW_ANY = HKEY_CURRENT_USER\Software\MyPlugin
- FILES_ALLOW_ANY = %APPDATA%\MyPlugin\data.txt
More info in Adobe Documentation (section 2.2.6)
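The install steps from the answer above, put together as an added PowerShell example (not part of the original answer and not Adobe's code). It assumes an elevated session, that the install directory is stored in the default value of the InstallPath key, and it uses the registry paths and the sample MyPlugin rules exactly as they are written above.

```powershell
# Added example. Run elevated: HKLM and the Reader install directory are
# writable by administrators only.
$ErrorActionPreference = 'Stop'

# Rules from the answer above (MyPlugin is the page's sample name).
# Keep each rule as narrow as possible: every entry is a location the
# sandboxed process may write to.
$rules = @(
    'REG_ALLOW_ANY = HKEY_CURRENT_USER\Software\MyPlugin',
    'FILES_ALLOW_ANY = %APPDATA%\MyPlugin\data.txt'
)

# 1. Locate the directory that holds AcroRd32.exe.
#    Assumption: the path is the key's default value. On 64-bit Windows run
#    this from a 32-bit PowerShell so the registry view matches the 32-bit Reader.
$installKey = 'HKLM:\Software\Adobe\Acrobat Reader\10.0\InstallPath'
$installDir = (Get-ItemProperty -Path $installKey).'(default)'
if (-not $installDir -or -not (Test-Path -LiteralPath $installDir)) {
    throw "Reader X install directory not found via $installKey"
}
$policyFile = Join-Path $installDir 'ProtectedModeWhitelistConfig.txt'

# 2. Enable use of the whitelist file. Key path as written in the answer;
#    verify it against Adobe's documentation for your Reader version.
$lockKey = 'HKLM:\SOFTWARE\Policies\Adobe\Acrobat\Reader\10.0\FeatureLockDown'
if (-not (Test-Path -Path $lockKey)) {
    New-Item -Path $lockKey -Force | Out-Null
}
New-ItemProperty -Path $lockKey -Name 'bUseWhitelistConfigFile' `
    -PropertyType DWord -Value 1 -Force | Out-Null

# 3. Append only the rules that are missing, so entries from other plugins
#    or the local sysadmin survive and a reinstall does not duplicate ours.
$raw = if (Test-Path -LiteralPath $policyFile) {
    [IO.File]::ReadAllText($policyFile)
} else { '' }
$existing = @($raw -split "\r?\n" | ForEach-Object { $_.Trim() })
$missing  = @($rules | Where-Object { $existing -notcontains $_ })

if ($missing.Count -gt 0) {
    # Start on a fresh line if the last existing rule has no trailing newline.
    if ($raw.Length -gt 0 -and -not $raw.EndsWith("`n")) {
        $missing = @('') + $missing
    }
    Add-Content -LiteralPath $policyFile -Value $missing
}
```

An uninstaller should remove only these two lines from the file and leave bUseWhitelistConfigFile alone if other rules remain.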