diff --git a/codex-rs/windows-sandbox-rs/src/helper_materialization.rs b/codex-rs/windows-sandbox-rs/src/helper_materialization.rs index 375199f5cc..ce2f281e96 100644 --- a/codex-rs/windows-sandbox-rs/src/helper_materialization.rs +++ b/codex-rs/windows-sandbox-rs/src/helper_materialization.rs @@ -1,6 +1,6 @@ -use anyhow::anyhow; use anyhow::Context; use anyhow::Result; +use anyhow::anyhow; use std::collections::HashMap; use std::fs; use std::io::Write; @@ -16,18 +16,21 @@ use crate::sandbox_bin_dir; #[derive(Clone, Copy, Debug, Eq, Hash, PartialEq)] pub(crate) enum HelperExecutable { CommandRunner, + Setup, } impl HelperExecutable { fn file_name(self) -> &'static str { match self { Self::CommandRunner => "codex-command-runner.exe", + Self::Setup => "codex-windows-sandbox-setup.exe", } } fn label(self) -> &'static str { match self { Self::CommandRunner => "command-runner", + Self::Setup => "setup-helper", } } } @@ -49,7 +52,7 @@ pub(crate) fn legacy_lookup(kind: HelperExecutable) -> PathBuf { && let Some(dir) = exe.parent() { let candidate = dir.join(kind.file_name()); - if candidate.exists() { + if candidate.exists() && !is_windows_apps_path(dir) { return candidate; } } @@ -88,10 +91,7 @@ pub(crate) fn resolve_helper_for_launch( } } -pub fn resolve_current_exe_for_launch( - codex_home: &Path, - fallback_executable: &str, -) -> PathBuf { +pub fn resolve_current_exe_for_launch(codex_home: &Path, fallback_executable: &str) -> PathBuf { let source = match std::env::current_exe() { Ok(path) => path, Err(_) => return PathBuf::from(fallback_executable), @@ -182,6 +182,13 @@ fn sibling_source_path(kind: HelperExecutable) -> Result { let dir = exe .parent() .ok_or_else(|| anyhow!("current executable has no parent directory"))?; + if is_windows_apps_path(dir) { + return Err(anyhow!( + "refusing to source {} from WindowsApps directory {}", + kind.label(), + dir.display() + )); + } let candidate = dir.join(kind.file_name()); if candidate.exists() { Ok(candidate) @@ -198,9 +205,12 @@ fn copy_from_source_if_needed(source: &Path, destination: &Path) -> Result Result { Ok(meta) => meta, Err(err) if err.kind() == std::io::ErrorKind::NotFound => return Ok(false), Err(err) => { - return Err(err) - .with_context(|| format!("read helper destination metadata {}", destination.display())); + return Err(err).with_context(|| { + format!("read helper destination metadata {}", destination.display()) + }); } }; @@ -287,19 +298,43 @@ fn destination_is_fresh(source: &Path, destination: &Path) -> Result { .modified() .with_context(|| format!("read helper destination mtime {}", destination.display()))?; - Ok(destination_modified >= source_modified) + if destination_modified < source_modified { + return Ok(false); + } + + files_match(source, destination) +} + +fn files_match(source: &Path, destination: &Path) -> Result { + let source_bytes = fs::read(source) + .with_context(|| format!("read helper source bytes {}", source.display()))?; + let destination_bytes = fs::read(destination) + .with_context(|| format!("read helper destination bytes {}", destination.display()))?; + Ok(source_bytes == destination_bytes) +} + +pub(crate) fn is_windows_apps_path(path: &Path) -> bool { + path.components().any(|component| { + component + .as_os_str() + .to_string_lossy() + .eq_ignore_ascii_case("WindowsApps") + }) } #[cfg(test)] mod tests { + use super::CopyOutcome; + use super::copy_from_source_if_needed; use super::destination_is_fresh; use super::helper_bin_dir; - use super::copy_from_source_if_needed; - use super::CopyOutcome; + use super::is_windows_apps_path; use pretty_assertions::assert_eq; use std::fs; + use std::fs::FileTimes; use std::path::Path; use std::path::PathBuf; + use std::time::SystemTime; use tempfile::TempDir; #[test] @@ -313,7 +348,10 @@ mod tests { let outcome = copy_from_source_if_needed(&source, &destination).expect("copy helper"); assert_eq!(CopyOutcome::ReCopied, outcome); - assert_eq!(b"runner-v1".as_slice(), fs::read(&destination).expect("read destination")); + assert_eq!( + b"runner-v1".as_slice(), + fs::read(&destination).expect("read destination") + ); } #[test] @@ -340,11 +378,42 @@ mod tests { fs::write(&source, b"runner-v1").expect("write source"); copy_from_source_if_needed(&source, &destination).expect("initial copy"); - let outcome = - copy_from_source_if_needed(&source, &destination).expect("revalidate helper"); + let outcome = copy_from_source_if_needed(&source, &destination).expect("revalidate helper"); assert_eq!(CopyOutcome::Reused, outcome); - assert_eq!(b"runner-v1".as_slice(), fs::read(&destination).expect("read destination")); + assert_eq!( + b"runner-v1".as_slice(), + fs::read(&destination).expect("read destination") + ); + } + + #[test] + fn destination_is_not_fresh_when_same_size_and_same_mtime_content_drifts() { + let tmp = TempDir::new().expect("tempdir"); + let source = tmp.path().join("source.exe"); + let destination = tmp.path().join("destination.exe"); + + fs::write(&source, b"runner-v1").expect("write source"); + fs::write(&destination, b"runner-v2").expect("write destination"); + + let shared_mtime = SystemTime::now(); + fs::File::options() + .write(true) + .open(&source) + .expect("open source") + .set_times(FileTimes::new().set_modified(shared_mtime)) + .expect("set source mtime"); + fs::File::options() + .write(true) + .open(&destination) + .expect("open destination") + .set_times(FileTimes::new().set_modified(shared_mtime)) + .expect("set destination mtime"); + + assert!( + !destination_is_fresh(&source, &destination) + .expect("content drift should mark destination stale") + ); } #[test] @@ -376,4 +445,17 @@ mod tests { fs::read(&runner_destination).expect("read runner") ); } + + #[test] + fn windows_apps_paths_are_detected_case_insensitively() { + assert!(is_windows_apps_path(Path::new( + r"C:\Program Files\WindowsApps\OpenAI.Codex\codex.exe" + ))); + assert!(is_windows_apps_path(Path::new( + r"c:\program files\windowsapps\OpenAI.Codex" + ))); + assert!(!is_windows_apps_path(Path::new( + r"C:\Users\example\.codex\.sandbox-bin" + ))); + } } diff --git a/codex-rs/windows-sandbox-rs/src/setup_orchestrator.rs b/codex-rs/windows-sandbox-rs/src/setup_orchestrator.rs index f6583e0de4..cc012317d9 100644 --- a/codex-rs/windows-sandbox-rs/src/setup_orchestrator.rs +++ b/codex-rs/windows-sandbox-rs/src/setup_orchestrator.rs @@ -12,7 +12,10 @@ use std::process::Stdio; use crate::allow::AllowDenyPaths; use crate::allow::compute_allow_paths; +use crate::helper_materialization::HelperExecutable; use crate::helper_materialization::helper_bin_dir; +use crate::helper_materialization::is_windows_apps_path; +use crate::helper_materialization::resolve_helper_for_launch; use crate::logging::log_note; use crate::path_normalization::canonical_path_key; use crate::policy::SandboxPolicy; @@ -172,7 +175,7 @@ fn run_setup_refresh_inner( }; let json = serde_json::to_vec(&payload)?; let b64 = BASE64_STANDARD.encode(json); - let exe = find_setup_exe(); + let exe = resolve_setup_exe_for_launch(request.codex_home); // Refresh should never request elevation; ensure verb isn't set and we don't trigger UAC. let mut cmd = Command::new(&exe); cmd.arg(&b64).stdout(Stdio::null()).stderr(Stdio::null()); @@ -333,9 +336,9 @@ fn profile_read_roots(user_profile: &Path) -> Vec { fn gather_helper_read_roots(codex_home: &Path) -> Vec { let mut roots = Vec::new(); if let Ok(exe) = std::env::current_exe() - && let Some(dir) = exe.parent() + && let Some(dir) = current_exe_parent_read_root_from_path(&exe) { - roots.push(dir.to_path_buf()); + roots.push(dir); } let helper_dir = helper_bin_dir(codex_home); let _ = std::fs::create_dir_all(&helper_dir); @@ -343,6 +346,11 @@ fn gather_helper_read_roots(codex_home: &Path) -> Vec { roots } +fn current_exe_parent_read_root_from_path(exe: &Path) -> Option { + let dir = exe.parent()?; + (!is_windows_apps_path(dir)).then(|| dir.to_path_buf()) +} + fn gather_legacy_full_read_roots( command_cwd: &Path, policy: &SandboxPolicy, @@ -569,16 +577,12 @@ fn quote_arg(arg: &str) -> String { out } -fn find_setup_exe() -> PathBuf { - if let Ok(exe) = std::env::current_exe() - && let Some(dir) = exe.parent() - { - let candidate = dir.join("codex-windows-sandbox-setup.exe"); - if candidate.exists() { - return candidate; - } - } - PathBuf::from("codex-windows-sandbox-setup.exe") +fn resolve_setup_exe_for_launch(codex_home: &Path) -> PathBuf { + resolve_helper_for_launch( + HelperExecutable::Setup, + codex_home, + Some(&sandbox_dir(codex_home)), + ) } fn report_helper_failure( @@ -611,7 +615,7 @@ fn run_setup_exe( use windows_sys::Win32::UI::Shell::SEE_MASK_NOCLOSEPROCESS; use windows_sys::Win32::UI::Shell::SHELLEXECUTEINFOW; use windows_sys::Win32::UI::Shell::ShellExecuteExW; - let exe = find_setup_exe(); + let exe = resolve_setup_exe_for_launch(codex_home); let payload_json = serde_json::to_string(payload).map_err(|err| { failure( SetupErrorCode::OrchestratorPayloadSerializeFailed, @@ -1009,6 +1013,22 @@ mod tests { assert!(roots.contains(&expected)); } + #[test] + fn gather_helper_read_roots_skips_windows_apps_parent() { + let codex_home = Path::new(r"C:\Users\example\.codex"); + let exe_path = Path::new( + r"C:\Program Files\WindowsApps\OpenAI.Codex_1.0.0.0_x64__8wekyb3d8bbwe\codex.exe", + ); + + assert_eq!(None, current_exe_parent_read_root_from_path(exe_path),); + assert_eq!(vec![helper_bin_dir(codex_home)], { + let mut roots = Vec::new(); + roots.extend(current_exe_parent_read_root_from_path(exe_path)); + roots.push(helper_bin_dir(codex_home)); + roots + }); + } + #[test] fn restricted_read_roots_skip_platform_defaults_when_disabled() { let tmp = TempDir::new().expect("tempdir");