fix(macos): enforce path-only exec allowlist patterns

2026-04-26 05:48:39 +00:00 · 2026-02-21 22:58:18 +01:00
parent 2712883d16
commit dd41fadcaf
5 changed files with 81 additions and 14 deletions
--- a/apps/macos/Sources/OpenClaw/ExecAllowlistMatcher.swift
+++ b/apps/macos/Sources/OpenClaw/ExecAllowlistMatcher.swift
@@ -5,7 +5,6 @@ enum ExecAllowlistMatcher {
        guard let resolution, !entries.isEmpty else { return nil }
        let rawExecutable = resolution.rawExecutable
        let resolvedPath = resolution.resolvedPath
-        let executableName = resolution.executableName

        for entry in entries {
            let pattern = entry.pattern.trimmingCharacters(in: .whitespacesAndNewlines)
@@ -14,8 +13,6 @@ enum ExecAllowlistMatcher {
            if hasPath {
                let target = resolvedPath ?? rawExecutable
                if self.matches(pattern: pattern, target: target) { return entry }
-            } else if self.matches(pattern: pattern, target: executableName) {
-                return entry
            }
        }
        return nil