Persistent approval fails to update execpolicy rules on Termux

[GFernie]

Summary

On Termux, choosing persistent approval with p in interactive Codex succeeds for the current command but fails to persist the approval rule.

The command runs, but Codex reports that it could not update the execpolicy rules file because locking the policy file is not supported.

Environment

• Package: @mmmbuto/codex-cli-termux@0.116.2
• Device environment: Android Termux ARM64
• Reproduced with both the installed package and a locally rebuilt binary from this repo before the fix

Interactive reproduction

1. Start interactive Codex with approvals enabled.
2. Ask Codex to run a shell command that writes outside the workspace using a single-line command prefix such as printf probe >/data/data/com.termux/files/home/approval-probe.txt.
3. Wait for the approval prompt.
4. Choose 2. Yes, and don't ask again ... (p).

Observed result

Codex shows:

✔ You approved codex to always run commands that start with printf 'probe' > /data/data/com.termux/files/home/approval-probe.txt

⚠ Failed to apply execpolicy amendment: failed to update rules file /data/data/com.termux/files/home/.codex/rules/default.rules: failed to lock policy file /data/data/com.termux/files/home/.codex/rules/default.rules: lock() not supported

The command still executes successfully afterward and creates the requested file.

Expected result

Selecting p should both run the command and persist the approval rule without the lock failure.

Current status

The branch fix/android-execpolicy-lock-fallback now reproduces the fixed behaviour on-device:

• the rebuilt binary no longer shows the Failed to apply execpolicy amendment warning for this flow
• choosing persistent approval writes a prefix_rule entry to ~/.codex/rules/default.rules

This issue remains the tracking record for the original Termux failure.