viyatb-oai 95ba762620 fix: support split carveouts in windows restricted-token sandbox (#14172) ...

## Summary
- keep legacy Windows restricted-token sandboxing as the supported
baseline
- support the split-policy subset that restricted-token can enforce
directly today
- support full-disk read, the same writable root set as legacy
`WorkspaceWrite`, and extra read-only carveouts under those writable
roots via additional deny-write ACLs
- continue to fail closed for unsupported split-only shapes, including
explicit unreadable (`none`) carveouts, reopened writable descendants
under read-only carveouts, and writable root sets that do not match the
legacy workspace roots

## Example
Given a filesystem policy like:

```toml
":root" = "read"
":cwd" = "write"
"./docs" = "read"
```

the restricted-token backend can keep the workspace writable while
denying writes under `docs` by layering an extra deny-write carveout on
top of the legacy workspace-write roots.

A policy like:

```toml
"/workspace" = "write"
"/workspace/docs" = "read"
"/workspace/docs/tmp" = "write"
```

still fails closed, because the unelevated backend cannot reopen the
nested writable descendant safely.

## Stack
-> fix: support split carveouts in windows restricted-token sandbox
#14172
fix: support split carveouts in windows elevated sandbox #14568

2026-03-24 22:54:18 -07:00

..

src

fix: support split carveouts in windows restricted-token sandbox (#14172)

2026-03-24 22:54:18 -07:00

BUILD.bazel

feat: add support for building with Bazel (#8875)

2026-01-09 11:09:43 -08:00

build.rs

Elevated Sandbox 2 (#7792)

2025-12-10 21:23:16 -08:00

Cargo.toml

windows-sandbox: add runner IPC foundation for future unified_exec (#14139)

2026-03-16 19:45:06 +00:00

codex-windows-sandbox-setup.manifest

Elevated Sandbox 2 (#7792)

2025-12-10 21:23:16 -08:00

sandbox_smoketests.py

smoketest for browser vuln, rough draft of Windows security doc (#6822)

2025-11-18 16:43:34 -08:00