cleanup exec_policy getters

codex-rs/core/src/codex.rs

@@ -50,6 +50,7 @@ use mcp_types::RequestId;
 use serde_json;
 use serde_json::Value;
 use tokio::sync::Mutex;
+use tokio::sync::OwnedRwLockReadGuard;
 use tokio::sync::RwLock;
 use tokio::sync::oneshot;
 use tokio_util::sync::CancellationToken;
@@ -894,9 +895,12 @@ impl Session {
         Ok(())
     }
 
-    pub(crate) async fn current_exec_policy(&self) -> Arc<RwLock<ExecPolicy>> {
-        let state = self.state.lock().await;
-        state.session_configuration.exec_policy.clone()
+    pub(crate) async fn current_exec_policy(&self) -> OwnedRwLockReadGuard<ExecPolicy> {
+        let exec_policy = {
+            let state = self.state.lock().await;
+            state.session_configuration.exec_policy.clone()
+        };
+        exec_policy.read_owned().await
     }
 
     /// Emit an exec approval request event and await the user's decision.

codex-rs/core/src/tools/handlers/shell.rs

@@ -233,7 +233,6 @@ impl ShellHandler {
 
         let features = session.features().await;
         let exec_policy = session.current_exec_policy().await;
-        let exec_policy = exec_policy.read().await;
         let req = ShellRequest {
             command: exec_params.command.clone(),
             cwd: exec_params.cwd.clone(),

codex-rs/core/src/unified_exec/session_manager.rs

@@ -557,7 +557,6 @@ impl UnifiedExecSessionManager {
         let mut orchestrator = ToolOrchestrator::new();
         let mut runtime = UnifiedExecRuntime::new(self);
         let exec_policy = context.session.current_exec_policy().await;
-        let exec_policy = exec_policy.read().await;
         let req = UnifiedExecToolRequest::new(
             command.to_vec(),
             cwd,