[codex] Fix macOS sandbox platform allowances for document rendering #22416

Draft

dibyo-openai wants to merge 2 commits into main from codex/fix-seatbelt-libreoffice-platform-ipc

Conversation

dibyo-openai (Contributor) commented May 13, 2026

Summary

Fix macOS Seatbelt policy generation for document rendering tools such as LibreOffice that initialize AppKit/CoreServices even when running headless.

workspace-write has full-disk file read access, so Codex intentionally skips restricted_read_only_platform_defaults.sbpl. That part is still correct for file reads, but it meant non-file macOS platform permissions were also skipped. This moves the minimal observed required platform allowances into the always-on base policy without broadening file access.

After local exploration prompted by review feedback, the base-policy additions are narrowed to:

  • com.apple.coreservices.launchservicesd
  • com.apple.windowserver.active
  • LibreOffice's /private/tmp/OSL_PIPE_* AF_UNIX bind pattern only

The follow-up exploration found these initially proposed allowances were not required for the repro and are no longer added:

  • kern.bootargs
  • kern.iossupportversion
  • kern.willshutdown
  • security.mac.lockdown_mode_state
  • com.apple.CoreServices.coreservicesd
  • com.apple.hiservices-xpcservice
  • com.apple.lsd.mapdb

The regression test verifies workspace-write still has full-disk read and still skips the restricted defaults, while retaining the remaining base allowances. It also checks that broader WindowServer/ViewBridge/temp-socket rules and the removed noisy allowances are not present.

Risk notes

The revised set is smaller, but the remaining permissions are still sensitive. The local matrix showed launchservicesd avoids the abort, windowserver.active avoids a hang, and the OSL_PIPE_* bind is required for LibreOffice to produce output. It does not by itself prove these belong in always-on base policy versus a narrower document-rendering path, so keeping this as draft for sandbox review.

Renderer-side alternatives tested and found insufficient:

  • SAL_USE_VCLPLUGIN=svp
  • --nolockcheck --nodefault --nologo --nofirststartwizard

Testing

  • just fmt
  • RUSTUP_TOOLCHAIN=1.93.1 cargo test -p codex-sandboxing
  • RUSTUP_TOOLCHAIN=1.93.1 cargo build -p codex-cli --bin codex
  • Verified the real Documents render_docx.py command succeeds under revised codex sandbox macos --permissions-profile :workspace
  • Verified output artifacts under /private/tmp/codex-lo-repro/revised-pr-policy-render: python-docx-minimal.pdf, page-1.png
  • just fix -p codex-sandboxing
  • git diff --check
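As an added example (not code from codex or from this PR), the Rust sketch below emits the narrowed base-policy allowances listed above and runs the kind of positive/negative check the regression test describes; the SBPL rule shapes follow public Apple profiles, and the unix-socket bind filter syntax in particular is an assumption.

```rust
// Added example, not code from the codex repository: a builder for the narrowed
// base-policy platform allowances plus a regression-style checker. Rule shapes
// follow public Apple SBPL profiles; the unix-socket bind filter is an assumption.

/// Mach services the local repro matrix showed LibreOffice needs.
const MACH_ALLOWANCES: &[&str] =
    &["com.apple.coreservices.launchservicesd", "com.apple.windowserver.active"];

/// Allowances proposed earlier and then dropped as unneeded for the repro.
const REMOVED_SYSCTLS: &[&str] = &[
    "kern.bootargs", "kern.iossupportversion", "kern.willshutdown",
    "security.mac.lockdown_mode_state",
];
const REMOVED_MACH: &[&str] = &["com.apple.CoreServices.coreservicesd",
    "com.apple.hiservices-xpcservice", "com.apple.lsd.mapdb"];

/// Broader rule fragments (wildcard mach-lookup, ViewBridge, all of /private/tmp
/// as a socket path) that must never appear in the base policy.
const BROAD_FRAGMENTS: &[&str] =
    &["(global-name-regex", "ViewBridge", "(regex #\"^/private/tmp/\")"];

/// Emit the platform allowances that belong in the always-on base policy.
pub fn base_platform_allowances() -> String {
    let mut out = String::new();
    for name in MACH_ALLOWANCES {
        out.push_str(&format!("(allow mach-lookup (global-name \"{name}\"))\n"));
    }
    // Only LibreOffice's OSL_PIPE_* sockets, not every path under /private/tmp.
    out.push_str("(allow network-bind (local unix-socket (regex #\"^/private/tmp/OSL_PIPE_\")))\n");
    out
}

/// Check a rendered policy: required rules present, removed or broad rules absent.
/// This is a substring check on the policy text, not an SBPL parser.
pub fn check_policy(policy: &str) -> Result<(), String> {
    for name in MACH_ALLOWANCES {
        if !policy.contains(&format!("(global-name \"{name}\")")) {
            return Err(format!("missing required mach-lookup: {name}"));
        }
    }
    if !policy.contains("OSL_PIPE_") {
        return Err("missing OSL_PIPE_ bind rule".to_string());
    }
    let forbidden = REMOVED_SYSCTLS.iter().map(|s| format!("(sysctl-name \"{s}\")"))
        .chain(REMOVED_MACH.iter().map(|m| format!("(global-name \"{m}\")")))
        .chain(BROAD_FRAGMENTS.iter().map(|b| b.to_string()));
    for rule in forbidden {
        if policy.contains(rule.as_str()) {
            return Err(format!("removed or overly broad rule present: {rule}"));
        }
    }
    Ok(())
}
```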

github-actions (Contributor) commented
Thank you for your submission, we really appreciate it. Like many open-source projects, we ask that you sign our Contributor License Agreement before we can accept your contribution. You can sign the CLA by posting a Pull Request Comment in the same format as below.

I have read the CLA Document and I hereby sign the CLA

You can retrigger this bot by commenting recheck in this Pull Request. Posted by the CLA Assistant Lite bot.
