QNetworkAccessManager hang with low integrity level (low IL) sandboxing

QNetworkAccessManager freezes when attempting to perform GET or POST operations from a process with low integrity level (low IL) sandboxing.

Background: This bug is preventing my company from performing HTTP calls from Qt applications running on embedded medical devices.

Steps to reproduce

• Unzip attached reproducer
• Build project on Windows.
• From an administrator command prompt: Run icacls QtNetworkAuthSandboxing.exe /setintegritylevel Low to make the program run in low integrity level (low IL).
• From a regular command prompt: Run QtNetworkAuthSandboxing.exe
• Observe that the program freezes without any console output.

Root cause

The root cause appear to be the CertOpenSystemStore(0, L"ROOT") calls in qtls_schannel.cpp. These calls will fail when running under low IL due to lack of write access to the HKCU\SOFTWARE\Microsoft\SystemCertificates\ROOT registry key. This can be verified by monitoring registry access with Process Explorer.

Proposed fix

Replace the CertOpenSystemStore(0, L"ROOT") calls with CertOpenStore(CERT_STORE_PROV_SYSTEM, 0, NULL, CERT_STORE_READONLY_FLAG | CERT_SYSTEM_STORE_CURRENT_USER, L"ROOT") so that the certificate store is opened in read-only mode.