[wkat4242]

Well yes but Linux has had solutions for this a long time. AppArmor, SELinux.

Some distros like RHEL already bundle apps with profiles that make sure the app can only do what it's supposed to do.

[ilyt]

SELinux in particular is complex enough many vendors just give up and write "disable SELinux" in install manual...

Also it is totally not fit for the "ask user for permission" model.

[cglong]

It worked for Android! https://source.android.com/docs/security/features/selinux

[ilyt]

Android app vendors are not writing their own policies. So there is a lot of code between SELinux and "what's actually usable to the user".

Like, stock RedHat does too, it just took a ton of effort (and bugs) to get there.

But then it is complex problem so its no wonder that the tools to do it are complex too

I wouldn't actually mind android-like permission model for out-of-distro packages (snap/appimage/etc.), maybe a bit expanded so I could say set this this and that folder for the "graphics editng app", and maybe save that as a profile to apply to some other similar app to ease on repetition/alert fatigue.

With maybe a layer to abstract some operations to not be just "allow this(remember choice)". Like file opening, if app calls to open a file I "just" want DM/WM specific open dialogue, with app/container name in the title and select the file to open.

Same for editing, I'd want to be able to just get dialogue "open file for editing", with app name and the permission to edit said file saved for the duration of the session so app doesn't need to re-ask me every time it saves the file.