Fix Windows sandbox rebase fallout

iceweasel-oai
2026-04-09 14:42:02 -07:00
parent 5c833bb30c
commit a398487141
11 changed files with 83 additions and 83 deletions


@@ -13,10 +13,10 @@ pub const DEFAULT_OUTPUT_BYTES_CAP: usize = 1024 * 1024;
pub use pipe::spawn_process as spawn_pipe_process;
/// Spawn a non-interactive process using regular pipes, but close stdin immediately.
pub use pipe::spawn_process_no_stdin as spawn_pipe_process_no_stdin;
/// Handle for interacting with a spawned process (PTY or pipe).
pub use process::ProcessHandle;
/// Driver-backed process adapter used by integrations with their own process transport.
pub use process::ProcessDriver;
/// Handle for interacting with a spawned process (PTY or pipe).
pub use process::ProcessHandle;
/// Bundle of process handles plus split output and exit receivers returned by spawn helpers.
pub use process::SpawnedProcess;
/// Terminal size in character cells used for PTY spawn and resize operations.


@@ -3,15 +3,15 @@ use std::path::Path;
use pretty_assertions::assert_eq;
use crate::ProcessDriver;
use crate::SpawnedProcess;
use crate::TerminalSize;
use crate::combine_output_receivers;
use crate::spawn_from_driver;
#[cfg(unix)]
use crate::pipe::spawn_process_no_stdin_with_inherited_fds;
#[cfg(unix)]
use crate::pty::spawn_process_with_inherited_fds;
use crate::ProcessDriver;
use crate::spawn_from_driver;
use crate::spawn_pipe_process;
use crate::spawn_pipe_process_no_stdin;
use crate::spawn_pty_process;


@@ -6,10 +6,8 @@
//! `tty=true`. The helpers are not tied to the IPC layer and can be reused by other
//! Windows sandbox flows that need a PTY.
mod proc_thread_attr;
use self::proc_thread_attr::ProcThreadAttributeList;
use crate::desktop::LaunchDesktop;
use crate::proc_thread_attr::ProcThreadAttributeList;
use crate::winutil::format_last_error;
use crate::winutil::quote_windows_arg;
use crate::winutil::to_wide;


@@ -15,10 +15,12 @@ use anyhow::Result;
use codex_windows_sandbox::ErrorPayload;
use codex_windows_sandbox::ExitPayload;
use codex_windows_sandbox::FramedMessage;
use codex_windows_sandbox::LaunchDesktop;
use codex_windows_sandbox::Message;
use codex_windows_sandbox::OutputPayload;
use codex_windows_sandbox::OutputStream;
use codex_windows_sandbox::PipeSpawnHandles;
use codex_windows_sandbox::ResizePayload;
use codex_windows_sandbox::SandboxPolicy;
use codex_windows_sandbox::SpawnReady;
use codex_windows_sandbox::SpawnRequest;
@@ -39,8 +41,6 @@ use codex_windows_sandbox::read_handle_loop;
use codex_windows_sandbox::spawn_process_with_pipes;
use codex_windows_sandbox::to_wide;
use codex_windows_sandbox::write_frame;
use codex_windows_sandbox::LaunchDesktop;
use codex_windows_sandbox::ResizePayload;
use std::ffi::c_void;
use std::fs::File;
use std::os::windows::io::FromRawHandle;
@@ -58,9 +58,9 @@ use windows_sys::Win32::Storage::FileSystem::CreateFileW;
use windows_sys::Win32::Storage::FileSystem::FILE_GENERIC_READ;
use windows_sys::Win32::Storage::FileSystem::FILE_GENERIC_WRITE;
use windows_sys::Win32::Storage::FileSystem::OPEN_EXISTING;
use windows_sys::Win32::System::Console::COORD;
use windows_sys::Win32::System::Console::ClosePseudoConsole;
use windows_sys::Win32::System::Console::ResizePseudoConsole;
use windows_sys::Win32::System::Console::COORD;
use windows_sys::Win32::System::JobObjects::AssignProcessToJobObject;
use windows_sys::Win32::System::JobObjects::CreateJobObjectW;
use windows_sys::Win32::System::JobObjects::JOB_OBJECT_LIMIT_KILL_ON_JOB_CLOSE;


@@ -1,15 +1,15 @@
use crate::identity::SandboxCreds;
use crate::ipc_framed::read_frame;
use crate::ipc_framed::write_frame;
use crate::ipc_framed::FramedMessage;
use crate::ipc_framed::Message;
use crate::ipc_framed::SpawnRequest;
use crate::ipc_framed::read_frame;
use crate::ipc_framed::write_frame;
use crate::runner_pipe::PIPE_ACCESS_INBOUND;
use crate::runner_pipe::PIPE_ACCESS_OUTBOUND;
use crate::runner_pipe::connect_pipe;
use crate::runner_pipe::create_named_pipe;
use crate::runner_pipe::find_runner_exe;
use crate::runner_pipe::pipe_pair;
use crate::runner_pipe::PIPE_ACCESS_INBOUND;
use crate::runner_pipe::PIPE_ACCESS_OUTBOUND;
use crate::winutil::quote_windows_arg;
use crate::winutil::to_wide;
use anyhow::Result;


@@ -6,22 +6,22 @@
//! and elevated capture. The legacy restrictedtoken path spawns the child directly
//! and does not use these helpers.
use crate::helper_materialization::resolve_helper_for_launch;
use crate::helper_materialization::HelperExecutable;
use crate::helper_materialization::resolve_helper_for_launch;
use crate::winutil::resolve_sid;
use crate::winutil::string_from_sid_bytes;
use crate::winutil::to_wide;
use rand::rngs::SmallRng;
use rand::Rng;
use rand::SeedableRng;
use rand::rngs::SmallRng;
use std::io;
use std::path::Path;
use std::path::PathBuf;
use std::ptr;
use windows_sys::Win32::Foundation::GetLastError;
use windows_sys::Win32::Foundation::LocalFree;
use windows_sys::Win32::Foundation::HANDLE;
use windows_sys::Win32::Foundation::HLOCAL;
use windows_sys::Win32::Foundation::LocalFree;
use windows_sys::Win32::Security::Authorization::ConvertStringSecurityDescriptorToSecurityDescriptorW;
use windows_sys::Win32::Security::PSECURITY_DESCRIPTOR;
use windows_sys::Win32::Security::SECURITY_ATTRIBUTES;


@@ -162,16 +162,16 @@ pub use process::read_handle_loop;
#[cfg(target_os = "windows")]
pub use process::spawn_process_with_pipes;
#[cfg(target_os = "windows")]
pub use session::spawn_windows_sandbox_session_elevated;
#[cfg(target_os = "windows")]
pub use session::spawn_windows_sandbox_session_legacy;
#[cfg(target_os = "windows")]
pub use setup::SETUP_VERSION;
#[cfg(target_os = "windows")]
pub use setup::SandboxSetupRequest;
#[cfg(target_os = "windows")]
pub use setup::SetupRootOverrides;
#[cfg(target_os = "windows")]
pub use session::spawn_windows_sandbox_session_elevated;
#[cfg(target_os = "windows")]
pub use session::spawn_windows_sandbox_session_legacy;
#[cfg(target_os = "windows")]
pub use setup::run_elevated_setup;
#[cfg(target_os = "windows")]
pub use setup::run_setup_refresh;


@@ -1,20 +1,20 @@
use crate::acl::add_allow_ace;
use crate::acl::add_deny_write_ace;
use crate::acl::allow_null_device;
use crate::allow::compute_allow_paths;
use crate::allow::AllowDenyPaths;
use crate::allow::compute_allow_paths;
use crate::cap::load_or_create_cap_sids;
use crate::cap::workspace_cap_sid_for_cwd;
use crate::env::apply_no_network_to_env;
use crate::env::ensure_non_interactive_pager;
use crate::env::inherit_path_env;
use crate::env::normalize_null_device_env;
use crate::identity::require_logon_sandbox_creds;
use crate::identity::SandboxCreds;
use crate::identity::require_logon_sandbox_creds;
use crate::logging::log_start;
use crate::path_normalization::canonicalize_path;
use crate::policy::parse_policy;
use crate::policy::SandboxPolicy;
use crate::policy::parse_policy;
use crate::sandbox_utils::ensure_codex_home_exists;
use crate::sandbox_utils::inject_git_safe_directory;
use crate::token::convert_string_sid_to_sid;
@@ -31,9 +31,9 @@ use std::ffi::c_void;
use std::path::Path;
use std::path::PathBuf;
use windows_sys::Win32::Foundation::CloseHandle;
use windows_sys::Win32::Foundation::LocalFree;
use windows_sys::Win32::Foundation::HANDLE;
use windows_sys::Win32::Foundation::HLOCAL;
use windows_sys::Win32::Foundation::LocalFree;
pub(crate) struct SpawnContext {
pub(crate) policy: SandboxPolicy,


@@ -5,15 +5,15 @@ use crate::conpty::spawn_conpty_process_as_user;
use crate::desktop::LaunchDesktop;
use crate::logging::log_failure;
use crate::logging::log_success;
use crate::process::read_handle_loop;
use crate::process::spawn_process_with_pipes;
use crate::process::StderrMode;
use crate::process::StdinMode;
use crate::process::read_handle_loop;
use crate::process::spawn_process_with_pipes;
use crate::spawn_prep::LocalSid;
use crate::spawn_prep::allow_null_device_for_workspace_write;
use crate::spawn_prep::apply_legacy_session_acl_rules;
use crate::spawn_prep::prepare_legacy_session_security;
use crate::spawn_prep::prepare_legacy_spawn_context;
use crate::spawn_prep::LocalSid;
use anyhow::Result;
use codex_utils_pty::ProcessDriver;
use codex_utils_pty::SpawnedProcess;
@@ -32,14 +32,14 @@ use windows_sys::Win32::Foundation::GetLastError;
use windows_sys::Win32::Foundation::HANDLE;
use windows_sys::Win32::Foundation::INVALID_HANDLE_VALUE;
use windows_sys::Win32::Storage::FileSystem::WriteFile;
use windows_sys::Win32::System::Console::COORD;
use windows_sys::Win32::System::Console::ClosePseudoConsole;
use windows_sys::Win32::System::Console::ResizePseudoConsole;
use windows_sys::Win32::System::Console::COORD;
use windows_sys::Win32::System::Threading::GetExitCodeProcess;
use windows_sys::Win32::System::Threading::TerminateProcess;
use windows_sys::Win32::System::Threading::WaitForSingleObject;
use windows_sys::Win32::System::Threading::INFINITE;
use windows_sys::Win32::System::Threading::PROCESS_INFORMATION;
use windows_sys::Win32::System::Threading::TerminateProcess;
use windows_sys::Win32::System::Threading::WaitForSingleObject;
const WAIT_TIMEOUT: u32 = 0x0000_0102;


@@ -1,16 +1,16 @@
use crate::ipc_framed::decode_bytes;
use crate::ipc_framed::encode_bytes;
use crate::ipc_framed::EmptyPayload;
use crate::ipc_framed::FramedMessage;
use crate::ipc_framed::Message;
use crate::ipc_framed::OutputStream;
use crate::ipc_framed::ResizePayload;
use crate::ipc_framed::StdinPayload;
use crate::ipc_framed::decode_bytes;
use crate::ipc_framed::encode_bytes;
use anyhow::Result;
use codex_utils_pty::spawn_from_driver;
use codex_utils_pty::ProcessDriver;
use codex_utils_pty::SpawnedProcess;
use codex_utils_pty::TerminalSize;
use codex_utils_pty::spawn_from_driver;
use std::fs::File;
use tokio::sync::broadcast;
use tokio::sync::mpsc;
@@ -98,61 +98,63 @@ pub(crate) fn start_runner_stdout_reader(
stderr_tx: Option<broadcast::Sender<Vec<u8>>>,
exit_tx: oneshot::Sender<i32>,
) {
std::thread::spawn(move || loop {
let msg = match crate::ipc_framed::read_frame(&mut pipe_read) {
Ok(Some(v)) => v,
Ok(None) => {
send_runner_error(
"runner pipe closed before exit",
&stdout_tx,
stderr_tx.as_ref(),
);
let _ = exit_tx.send(-1);
break;
}
Err(err) => {
send_runner_error(
&format!("runner read failed: {err}"),
&stdout_tx,
stderr_tx.as_ref(),
);
let _ = exit_tx.send(-1);
break;
}
};
std::thread::spawn(move || {
loop {
let msg = match crate::ipc_framed::read_frame(&mut pipe_read) {
Ok(Some(v)) => v,
Ok(None) => {
send_runner_error(
"runner pipe closed before exit",
&stdout_tx,
stderr_tx.as_ref(),
);
let _ = exit_tx.send(-1);
break;
}
Err(err) => {
send_runner_error(
&format!("runner read failed: {err}"),
&stdout_tx,
stderr_tx.as_ref(),
);
let _ = exit_tx.send(-1);
break;
}
};
match msg.message {
Message::Output { payload } => {
if let Ok(data) = decode_bytes(&payload.data_b64) {
match payload.stream {
OutputStream::Stdout => {
let _ = stdout_tx.send(data);
}
OutputStream::Stderr => {
if let Some(stderr_tx) = stderr_tx.as_ref() {
let _ = stderr_tx.send(data);
} else {
match msg.message {
Message::Output { payload } => {
if let Ok(data) = decode_bytes(&payload.data_b64) {
match payload.stream {
OutputStream::Stdout => {
let _ = stdout_tx.send(data);
}
OutputStream::Stderr => {
if let Some(stderr_tx) = stderr_tx.as_ref() {
let _ = stderr_tx.send(data);
} else {
let _ = stdout_tx.send(data);
}
}
}
}
}
Message::Exit { payload } => {
let _ = exit_tx.send(payload.exit_code);
break;
}
Message::Error { payload } => {
send_runner_error(&payload.message, &stdout_tx, stderr_tx.as_ref());
let _ = exit_tx.send(-1);
break;
}
Message::SpawnReady { .. }
| Message::Stdin { .. }
| Message::CloseStdin { .. }
| Message::Resize { .. }
| Message::SpawnRequest { .. }
| Message::Terminate { .. } => {}
}
Message::Exit { payload } => {
let _ = exit_tx.send(payload.exit_code);
break;
}
Message::Error { payload } => {
send_runner_error(&payload.message, &stdout_tx, stderr_tx.as_ref());
let _ = exit_tx.send(-1);
break;
}
Message::SpawnReady { .. }
| Message::Stdin { .. }
| Message::CloseStdin { .. }
| Message::Resize { .. }
| Message::SpawnRequest { .. }
| Message::Terminate { .. } => {}
}
});
}
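Review bot: In the `Message::Output` arm of the reader loop, `if let Ok(data) = decode_bytes(&payload.data_b64)` discards a frame that fails to decode without reporting anything, so corrupted or malformed runner output is indistinguishable from a child that printed nothing. This thread appears to be the only reader of the runner pipe, so I would surface the failure on the same channel the other error paths use, for example `let Ok(data) = decode_bytes(&payload.data_b64) else { send_runner_error("runner output decode failed", &stdout_tx, stderr_tx.as_ref()); continue; };`. Whether to keep reading or to send `-1` on `exit_tx` and stop is a policy choice the hunk does not settle; the sketch keeps reading, as the current code does. The body of `start_runner_stdout_reader` begins above this hunk, so its signature and earlier parameters are not visible here.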


@@ -1,9 +1,9 @@
#![cfg(target_os = "windows")]
use super::spawn_windows_sandbox_session_legacy;
use crate::ipc_framed::Message;
use crate::ipc_framed::decode_bytes;
use crate::ipc_framed::read_frame;
use crate::ipc_framed::Message;
use crate::run_windows_sandbox_capture;
use codex_utils_pty::ProcessDriver;
use pretty_assertions::assert_eq;