Drop permission policy changes from context fragment PR

Co-authored-by: Codex <noreply@openai.com>
2026-04-24 06:35:50 +00:00 · 2026-03-12 11:08:21 -07:00
parent 3954e00f53
commit a000166a4d
5 changed files with 28 additions and 1590 deletions
--- a/codex-rs/core/src/exec_policy.rs
+++ b/codex-rs/core/src/exec_policy.rs
--- a/codex-rs/core/src/tools/handlers/mod.rs
+++ b/codex-rs/core/src/tools/handlers/mod.rs
@@ -214,13 +214,12 @@ pub(super) async fn apply_granted_turn_permissions(
        _ => false,
    };

-    let sandbox_permissions = if effective_permissions.is_some()
-        && !sandbox_permissions.requires_additional_permissions()
-    {
-        SandboxPermissions::WithAdditionalPermissions
-    } else {
-        sandbox_permissions
-    };
+    let sandbox_permissions =
+        if effective_permissions.is_some() && !sandbox_permissions.uses_additional_permissions() {
+            SandboxPermissions::WithAdditionalPermissions
+        } else {
+            sandbox_permissions
+        };

    EffectiveAdditionalPermissions {
        sandbox_permissions,
--- a/codex-rs/core/src/tools/handlers/shell.rs
+++ b/codex-rs/core/src/tools/handlers/shell.rs
@@ -381,7 +381,7 @@ impl ShellHandler {
        // continue through the normal exec approval flow for the command.
        if effective_additional_permissions
            .sandbox_permissions
-            .requires_escalated_permissions()
+            .requests_sandbox_override()
            && !effective_additional_permissions.permissions_preapproved
            && !matches!(
                turn.approval_policy.value(),
--- a/codex-rs/core/src/tools/handlers/unified_exec.rs
+++ b/codex-rs/core/src/tools/handlers/unified_exec.rs
@@ -187,7 +187,7 @@ impl ToolHandler for UnifiedExecHandler {
                // continue through the normal exec approval flow for the command.
                if effective_additional_permissions
                    .sandbox_permissions
-                    .requires_escalated_permissions()
+                    .requests_sandbox_override()
                    && !effective_additional_permissions.permissions_preapproved
                    && !matches!(
                        context.turn.approval_policy.value(),
--- a/codex-rs/core/tests/suite/approvals.rs
+++ b/codex-rs/core/tests/suite/approvals.rs
@@ -239,7 +239,7 @@ fn shell_event_with_prefix_rule(
        "command": command,
        "timeout_ms": timeout_ms,
    });
-    if sandbox_permissions.requires_escalated_permissions() {
+    if sandbox_permissions.requests_sandbox_override() {
        args["sandbox_permissions"] = json!(sandbox_permissions);
    }
    if let Some(prefix_rule) = prefix_rule {
@@ -262,7 +262,7 @@ fn exec_command_event(
    if let Some(yield_time_ms) = yield_time_ms {
        args["yield_time_ms"] = json!(yield_time_ms);
    }
-    if sandbox_permissions.requires_escalated_permissions() {
+    if sandbox_permissions.requests_sandbox_override() {
        args["sandbox_permissions"] = json!(sandbox_permissions);
        let reason = justification.unwrap_or(DEFAULT_UNIFIED_EXEC_JUSTIFICATION);
        args["justification"] = json!(reason);