codex-rs/windows-sandbox-rs/src/allow.rs

use crate::policy::SandboxMode;
use crate::policy::SandboxPolicy;
use std::collections::HashMap;
use std::path::Path;
use std::path::PathBuf;

pub fn compute_allow_paths(
    policy: &SandboxPolicy,
    _policy_cwd: &Path,
    command_cwd: &Path,
    env_map: &HashMap<String, String>,
) -> Vec<PathBuf> {
    let mut allow: Vec<PathBuf> = Vec::new();
    let mut seen = std::collections::HashSet::new();
    if matches!(policy.0, SandboxMode::WorkspaceWrite) {
        let abs = command_cwd.to_path_buf();
        if seen.insert(abs.to_string_lossy().to_string()) && abs.exists() {
            allow.push(abs);
        }
    }
    if !matches!(policy.0, SandboxMode::ReadOnly) {
        for key in ["TEMP", "TMP"] {
            if let Some(v) = env_map.get(key) {
                let abs = PathBuf::from(v);
                if seen.insert(abs.to_string_lossy().to_string()) && abs.exists() {
                    allow.push(abs);
                }
            } else if let Ok(v) = std::env::var(key) {
                let abs = PathBuf::from(v);
                if seen.insert(abs.to_string_lossy().to_string()) && abs.exists() {
                    allow.push(abs);
                }
            }
        }
    }
    allow
}
Windows Sandbox - Alpha version (#4905) - Added the new codex-windows-sandbox crate that builds both a library entry point (run_windows_sandbox_capture) and a CLI executable to launch commands inside a Windows restricted-token sandbox, including ACL management, capability SID provisioning, network lockdown, and output capture (windows-sandbox-rs/src/lib.rs:167, windows-sandbox-rs/src/main.rs:54). - Introduced the experimental WindowsSandbox feature flag and wiring so Windows builds can opt into the sandbox: SandboxType::WindowsRestrictedToken, the in-process execution path, and platform sandbox selection now honor the flag (core/src/features.rs:47, core/src/config.rs:1224, core/src/safety.rs:19, core/src/sandboxing/mod.rs:69, core/src/exec.rs:79, core/src/exec.rs:172). - Updated workspace metadata to include the new crate and its Windows-specific dependencies so the core crate can link against it (codex-rs/ Cargo.toml:91, core/Cargo.toml:86). - Added a PowerShell bootstrap script that installs the Windows toolchain, required CLI utilities, and builds the workspace to ease development on the platform (scripts/setup-windows.ps1:1). - Landed a Python smoke-test suite that exercises read-only/workspace-write policies, ACL behavior, and network denial for the Windows sandbox binary (windows-sandbox-rs/sandbox_smoketests.py:1). 2025-10-30 15:51:57 -07:00			`use crate::policy::SandboxMode;`
			`use crate::policy::SandboxPolicy;`
			`use std::collections::HashMap;`
			`use std::path::Path;`
			`use std::path::PathBuf;`

			`pub fn compute_allow_paths(`
			`policy: &SandboxPolicy,`
			`_policy_cwd: &Path,`
			`command_cwd: &Path,`
			`env_map: &HashMap<String, String>,`
			`) -> Vec<PathBuf> {`
			`let mut allow: Vec<PathBuf> = Vec::new();`
			`let mut seen = std::collections::HashSet::new();`
			`if matches!(policy.0, SandboxMode::WorkspaceWrite) {`
			`let abs = command_cwd.to_path_buf();`
			`if seen.insert(abs.to_string_lossy().to_string()) && abs.exists() {`
			`allow.push(abs);`
			`}`
			`}`
			`if !matches!(policy.0, SandboxMode::ReadOnly) {`
			`for key in ["TEMP", "TMP"] {`
			`if let Some(v) = env_map.get(key) {`
			`let abs = PathBuf::from(v);`
			`if seen.insert(abs.to_string_lossy().to_string()) && abs.exists() {`
			`allow.push(abs);`
			`}`
			`} else if let Ok(v) = std::env::var(key) {`
			`let abs = PathBuf::from(v);`
			`if seen.insert(abs.to_string_lossy().to_string()) && abs.exists() {`
			`allow.push(abs);`
			`}`
			`}`
			`}`
			`}`
			`allow`
			`}`