[untog]

It's true, but I'm not sure how e.g. VS Code would even work on a truly sandboxes environment. There'd be no file browser.

[yzmtf2008]

macOS does this via the open dialog — opening a directory gives an application full access to that directory

[m45t3r]

And you can have the same issue the author said in the article by requesting access to home directory and running the exactly the same command as the author wrote.

[int_19h]

You'd need to open your entire home dir for that. In VSCode, you normally open the specific directory that contains the source for one particular project you're working on, so in that model, it would only be granted permission to that directory.

[pcwalton]

Same way it works on the web: Use a broker process that grants access via a file select dialog.

[vetinari]

The point is, that for vscode picking a file is not enough. It would cause lot of fun opening multi-root workspaces you just checked out...

There are many more applications, not just IDEs, where picking a file or folder is not sufficient: for example, apps like Rapid Photo Downloader or Darktable would be significantly crippled.

[voltagex_]

Virtualised paths with specific access - i.e. VS Code would only see one path.