implement per-workspace capability SIDs for workspace specific ACLs (#10189)

Today, there is a single capability SID that allows the sandbox to write to * workspace (cwd) * tmp directories if enabled * additional writable roots This change splits those up, so that each workspace has its own capability SID, while tmp and additional roots, which are installation-wide, are still governed by the "generic" capability SID This isolates workspaces from each other in terms of sandbox write access. Also allows us to protect <cwd>/.codex when codex runs in a specific <cwd>
2026-05-04 05:11:37 +03:00 · 2026-02-03 12:37:51 -08:00
parent 654fcb4962
commit aabe0f259c
11 changed files with 336 additions and 104 deletions
--- a/codex-rs/windows-sandbox-rs/src/path_normalization.rs
+++ b/codex-rs/windows-sandbox-rs/src/path_normalization.rs
@@ -0,0 +1,28 @@
+use std::path::Path;
+use std::path::PathBuf;
+
+pub fn canonicalize_path(path: &Path) -> PathBuf {
+    dunce::canonicalize(path).unwrap_or_else(|_| path.to_path_buf())
+}
+
+pub fn canonical_path_key(path: &Path) -> String {
+    canonicalize_path(path)
+        .to_string_lossy()
+        .replace('\\', "/")
+        .to_ascii_lowercase()
+}
+
+#[cfg(test)]
+mod tests {
+    use super::canonical_path_key;
+    use pretty_assertions::assert_eq;
+    use std::path::Path;
+
+    #[test]
+    fn canonical_path_key_normalizes_case_and_separators() {
+        let windows_style = Path::new(r"C:\Users\Dev\Repo");
+        let slash_style = Path::new("c:/users/dev/repo");
+
+        assert_eq!(canonical_path_key(windows_style), canonical_path_key(slash_style));
+    }
+}