fix(windows-sandbox): deny reads for workspace sid

Co-authored-by: Codex <noreply@openai.com>
2026-05-24 21:14:51 +00:00 · 2026-05-09 20:52:42 +00:00
parent 40140ee9dd
commit 3387ce75b9
2 changed files with 18 additions and 0 deletions
--- a/codex-rs/windows-sandbox-rs/src/lib.rs
+++ b/codex-rs/windows-sandbox-rs/src/lib.rs
@@ -513,6 +513,15 @@ mod windows_impl {
                    return Err(err);
                }
            };
+            if persist_aces && let Some(psid_workspace) = psid_workspace {
+                let workspace_cap_sid = workspace_cap_sid_for_cwd(codex_home, cwd)?;
+                sync_persistent_deny_read_acls(
+                    codex_home,
+                    &workspace_cap_sid,
+                    additional_deny_read_paths,
+                    psid_workspace,
+                )?;
+            }
            if !persist_aces {
                for path in applied_deny_read_paths {
                    guards.push((path, psid_generic));
--- a/codex-rs/windows-sandbox-rs/src/spawn_prep.rs
+++ b/codex-rs/windows-sandbox-rs/src/spawn_prep.rs
@@ -272,6 +272,15 @@ pub(crate) fn apply_legacy_session_acl_rules(
        } else {
            apply_deny_read_acls(additional_deny_read_paths, psid_generic.as_ptr())?
        };
+        if persist_aces && let Some(psid_workspace) = psid_workspace {
+            let workspace_cap_sid = workspace_cap_sid_for_cwd(codex_home, current_dir)?;
+            sync_persistent_deny_read_acls(
+                codex_home,
+                &workspace_cap_sid,
+                additional_deny_read_paths,
+                psid_workspace.as_ptr(),
+            )?;
+        }
        if !persist_aces {
            guards.extend(applied_deny_read_paths);
        }