No I don't mean like that. Explicit permissions control what the extension can do, similar to websites needing explicit permission to access a users camera. An example is a theme extension with permission to change the theme, but having neither permission to run scripts/executables, nor dynamically access the filesystem.
There's no connection to authoritative approval, other than making ecosystems without or without that kind of strict approval safer.
There's no connection to authoritative approval, other than making ecosystems without or without that kind of strict approval safer.