mirror of
https://github.com/openai/codex.git
synced 2026-05-16 17:23:57 +00:00
## Why

Shell escalation still has adapter code that expects a legacy sandbox policy, but command approvals should carry the resolved `PermissionProfile` so callers can reason about the granted permissions canonically.

## What changed

This introduces profile-shaped resolved escalation permissions while retaining the derived legacy sandbox policy for the Unix escalation adapter. It updates approval types, the escalation server protocol, and tests that inspect escalated command permissions.

## Verification

- `cargo test -p codex-core --test all handle_container_exec_ -- --nocapture`
- `cargo test -p codex-core --test all handle_sandbox_ -- --nocapture`

---

[//]: # (BEGIN SAPLING FOOTER)
Stack created with [Sapling](https://sapling-scm.com). Best reviewed with [ReviewStack](https://reviewstack.dev/openai/codex/pull/18287).

* #18288
* __->__ #18287
36 lines
770 B
Rust
```rust
#[cfg(unix)]
mod unix;

#[cfg(unix)]
pub use unix::ESCALATE_SOCKET_ENV_VAR;
#[cfg(unix)]
pub use unix::EscalateAction;
#[cfg(unix)]
pub use unix::EscalateServer;
#[cfg(unix)]
pub use unix::EscalationDecision;
#[cfg(unix)]
pub use unix::EscalationExecution;
#[cfg(unix)]
pub use unix::EscalationPermissions;
#[cfg(unix)]
pub use unix::EscalationPolicy;
#[cfg(unix)]
pub use unix::EscalationSession;
#[cfg(unix)]
pub use unix::ExecParams;
#[cfg(unix)]
pub use unix::ExecResult;
#[cfg(unix)]
pub use unix::PreparedExec;
#[cfg(unix)]
pub use unix::ResolvedPermissionProfile;
#[cfg(unix)]
pub use unix::ShellCommandExecutor;
#[cfg(unix)]
pub use unix::Stopwatch;
#[cfg(unix)]
pub use unix::main_execve_wrapper;
#[cfg(unix)]
pub use unix::run_shell_escalation_execve_wrapper;
```