iceweasel-oai c9edb26755 windows-sandbox: fail elevated setup when firewall policy is ineffective (#22353) ...

## Why

Elevated Windows sandbox setup currently assumes that the firewall rules
it writes will take effect. On managed Windows hosts, local firewall
policy changes can be ignored or only partially apply across the active
profiles, which means setup can appear to succeed without providing the
expected network isolation.

## What changed

- Query `INetFwPolicy2::LocalPolicyModifyState` before configuring the
elevated sandbox firewall rules.
- Fail setup when Windows reports that local firewall policy edits are
ineffective or only apply to some current profiles.
- Surface that condition with a dedicated
`helper_firewall_policy_ineffective` setup error code so support and
IT-facing diagnostics can distinguish it from COM access failures.
- Add focused coverage for effective policy, group-policy override, and
partial-profile coverage cases.

## Testing

- `cargo test -p codex-windows-sandbox --bin
codex-windows-sandbox-setup`

2026-05-13 18:43:14 +00:00

..

src

windows-sandbox: fail elevated setup when firewall policy is ineffective (#22353)

2026-05-13 18:43:14 +00:00

BUILD.bazel

chore: move pty and windows sandbox to Rust 2024 (#15954)

2026-03-27 02:31:08 -07:00

build.rs

Codex/windows bazel rust test coverage no rs (#16528)

2026-04-03 15:34:03 -07:00

Cargo.toml

Enable --deny-warnings for cargo shear (#21616)

2026-05-08 20:29:00 +00:00

codex-windows-sandbox-setup.manifest

Elevated Sandbox 2 (#7792)

2025-12-10 21:23:16 -08:00

sandbox_smoketests.py

chore(cli) deprecate --full-auto (#20133)

2026-04-29 04:41:30 +00:00