From 1487d902177258cea71cdd4a55307dfc65860e07 Mon Sep 17 00:00:00 2001
From: partouf <partouf@gmail.com>
Date: Fri, 23 Feb 2024 01:42:17 +0100
Subject: [PATCH] cleanup acls for extra configured paths

---
 src/main.cpp | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/main.cpp b/src/main.cpp
index de4bcf7..6e61dd3 100644
--- a/src/main.cpp
+++ b/src/main.cpp
@@ -199,6 +199,13 @@ DWORD execute_using_appcontainer(const cewrapper::Job &job)
         std::wcerr << "revoking access to: " << home_dir << "\n";
     cewrapper::remove_access_to_path(container.getSid(), home_dir.data(), GENERIC_READ | GENERIC_WRITE | GENERIC_EXECUTE | GENERIC_ALL);
 
+    for (auto &allowed : config.allowed_dirs)
+    {
+        if (config.debugging)
+            std::wcerr << "revoking access to: " << allowed.path << "\n";
+        cewrapper::remove_access_to_path(container.getSid(), allowed.path.data(), allowed.rights);
+    }
+
     return processExitCode;
 }