fix(sandbox): adapt windows deny-read parity rebase

Co-authored-by: Codex noreply@openai.com

codex-rs/core/src/exec.rs

@@ -1198,12 +1198,6 @@ pub(crate) fn resolve_windows_elevated_filesystem_overrides(
         .needs_direct_runtime_enforcement(network_sandbox_policy, sandbox_policy_cwd);
     let normalize_path = |path: PathBuf| dunce::canonicalize(&path).unwrap_or(path);
     let legacy_writable_roots = sandbox_policy.get_writable_roots_with_cwd(sandbox_policy_cwd);
-    let legacy_readable_root_set: BTreeSet<PathBuf> = sandbox_policy
-        .get_readable_roots_with_cwd(sandbox_policy_cwd)
-        .into_iter()
-        .map(codex_utils_absolute_path::AbsolutePathBuf::into_path_buf)
-        .map(&normalize_path)
-        .collect();
     let legacy_root_paths: BTreeSet<PathBuf> = legacy_writable_roots
         .iter()
         .map(|root| normalize_path(root.root.to_path_buf()))
@@ -1214,7 +1208,6 @@ pub(crate) fn resolve_windows_elevated_filesystem_overrides(
         .map(codex_utils_absolute_path::AbsolutePathBuf::into_path_buf)
         .map(&normalize_path)
         .collect();
-    let split_readable_root_set: BTreeSet<PathBuf> = split_readable_roots.iter().cloned().collect();
     let split_root_paths: Vec<PathBuf> = split_writable_roots
         .iter()
         .map(|root| normalize_path(root.root.to_path_buf()))
@@ -1227,11 +1220,7 @@ pub(crate) fn resolve_windows_elevated_filesystem_overrides(
     // additional deny ACLs layered on top.
     let split_has_root_read_access =
         windows_policy_has_root_read_access(file_system_sandbox_policy, sandbox_policy_cwd);
-    let matches_legacy_read_access =
-        split_has_root_read_access == sandbox_policy.has_full_disk_read_access();
-    let read_roots_override = if matches_legacy_read_access
-        && (split_has_root_read_access || split_readable_root_set == legacy_readable_root_set)
-    {
+    let read_roots_override = if split_has_root_read_access {
         None
     } else {
         Some(split_readable_roots)

codex-rs/core/src/exec_tests.rs

@@ -678,7 +678,6 @@ fn windows_restricted_token_supports_unreadable_split_carveouts() {
     std::fs::create_dir_all(blocked.as_path()).expect("create blocked");
     let policy = SandboxPolicy::WorkspaceWrite {
         writable_roots: vec![],
-        read_only_access: codex_protocol::protocol::ReadOnlyAccess::FullAccess,
         network_access: false,
         exclude_tmpdir_env_var: true,
         exclude_slash_tmp: true,
@@ -692,7 +691,9 @@ fn windows_restricted_token_supports_unreadable_split_carveouts() {
         },
         codex_protocol::permissions::FileSystemSandboxEntry {
             path: codex_protocol::permissions::FileSystemPath::Special {
-                value: codex_protocol::permissions::FileSystemSpecialPath::CurrentWorkingDirectory,
+                value: codex_protocol::permissions::FileSystemSpecialPath::project_roots(
+                    /*subpath*/ None,
+                ),
             },
             access: codex_protocol::permissions::FileSystemAccessMode::Write,
         },
@@ -715,6 +716,7 @@ fn windows_restricted_token_supports_unreadable_split_carveouts() {
         ),
         Ok(Some(WindowsSandboxFilesystemOverrides {
             read_roots_override: None,
+            read_roots_include_platform_defaults: false,
             write_roots_override: None,
             additional_deny_read_paths: vec![blocked.clone()],
             additional_deny_write_paths: vec![blocked],
@@ -865,6 +867,7 @@ fn windows_elevated_supports_unreadable_split_carveouts() {
         ),
         Ok(Some(WindowsSandboxFilesystemOverrides {
             read_roots_override: None,
+            read_roots_include_platform_defaults: false,
             write_roots_override: None,
             additional_deny_read_paths: vec![
                 codex_utils_absolute_path::AbsolutePathBuf::from_absolute_path(
@@ -926,6 +929,7 @@ fn windows_elevated_supports_unreadable_globs() {
         ),
         Ok(Some(WindowsSandboxFilesystemOverrides {
             read_roots_override: None,
+            read_roots_include_platform_defaults: false,
             write_roots_override: None,
             additional_deny_read_paths: vec![
                 codex_utils_absolute_path::AbsolutePathBuf::from_absolute_path(secret)

codex-rs/windows-sandbox-rs/src/lib.rs

@@ -106,8 +106,6 @@ pub use conpty::ConptyInstance;
 #[cfg(target_os = "windows")]
 pub use conpty::spawn_conpty_process_as_user;
 #[cfg(target_os = "windows")]
-pub use desktop::LaunchDesktop;
-#[cfg(target_os = "windows")]
 pub use deny_read_acl::DenyReadAclRecordKind;
 #[cfg(target_os = "windows")]
 pub use deny_read_acl::apply_deny_read_acls;
@@ -119,6 +117,8 @@ pub use deny_read_acl::plan_deny_read_acl_paths;
 pub use deny_read_acl::write_persistent_deny_read_acl_record;
 pub use deny_read_resolver::resolve_windows_deny_read_paths;
 #[cfg(target_os = "windows")]
+pub use desktop::LaunchDesktop;
+#[cfg(target_os = "windows")]
 pub use dpapi::protect as dpapi_protect;
 #[cfg(target_os = "windows")]
 pub use dpapi::unprotect as dpapi_unprotect;