[ryukafalz]

Yes, Flatpak portals are an implementation of the powerbox pattern. They're still underutilized, though there are more portals specified than I realized at least: https://docs.flatpak.org/en/latest/portal-api-reference.html

That kind of thing (with careful UX design) is how you escape the sandbox cycle though; if you can grant access to resources implicitly as a result of a user action, you can avoid granting applications excessive permissions from the start.

(Now, you might also want your "app store" interface to prevent/discourage installation of apps with broad permissions by default as well. There's currently little incentive for a developer not to give themselves the keys to the kingdom.)