> I suppose it's possible that an OS could shim the dialog boxes for file selection, open, save, etc... and then transparently provide access to only those files
Isn't this the idea behind Flatpak portals? Make your average app sandbox-compatible, except that your average bubblewrap/Flatpak sandbox sucks because it turns out the average app is shit and you often need `filesystem=host` or `filesystem=home` to barely work.
It reminds me of that XKCD: https://xkcd.com/1200/
Or perhaps more relevantly to the overall thread: https://xkcd.com/2044/
Yes, Flatpak portals are an implementation of the powerbox pattern. They're still underutilized, though there are more portals specified than I realized at least: https://docs.flatpak.org/en/latest/portal-api-reference.html
That kind of thing (with careful UX design) is how you escape the sandbox cycle though; if you can grant access to resources implicitly as a result of a user action, you can avoid granting applications excessive permissions from the start.
(Now, you might also want your "app store" interface to prevent/discourage installation of apps with broad permissions by default as well. There's currently little incentive for a developer not to give themselves the keys to the kingdom.)
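As an added example (not code from any commenter, nor Flatpak's own tooling), a small Python checker that reads the `[Context]` group in the shape of `flatpak info --show-permissions` output and flags the broad `home`/`host` filesystem grants discussed above, the kind an app store review could surface before install. The sample permissions block is constructed, not taken from a real app.

```python
import configparser

# Filesystem grants that expose most or all of the user's data to the app,
# i.e. the opposite of the per-file access a portal hands out.
BROAD_FILESYSTEMS = {"host", "host-os", "host-etc", "home"}

# Constructed sample in the keyfile format printed by
# `flatpak info --show-permissions` (hypothetical app, not real data).
SAMPLE_PERMISSIONS = """\
[Context]
shared=network;ipc;
sockets=x11;wayland;pulseaudio;
devices=dri;
filesystems=xdg-download;home:ro;/media;!xdg-music;

[Session Bus Policy]
org.freedesktop.Notifications=talk
"""


def parse_filesystems(text):
    """Return the filesystems= entries of the [Context] group as a list."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    raw = cp.get("Context", "filesystems", fallback="")
    # Entries are ';'-terminated, so drop the trailing empty piece.
    return [entry for entry in raw.split(";") if entry]


def broad_grants(entries):
    """Return the entries that grant the whole home or host filesystem.

    An entry may carry an access suffix (home:ro, host:create) and a
    leading '!' revokes a grant, so strip the suffix and skip negations.
    """
    found = []
    for entry in entries:
        if entry.startswith("!"):
            continue
        name = entry.split(":", 1)[0]
        if name in BROAD_FILESYSTEMS:
            found.append(entry)
    return found


def audit(text):
    """Convenience wrapper: broad grants present in a permissions dump."""
    return broad_grants(parse_filesystems(text))


if __name__ == "__main__":
    for grant in audit(SAMPLE_PERMISSIONS):
        # Mitigation is a per-app override, e.g.
        # flatpak override --user --nofilesystem=home <app-id>
        print("broad filesystem grant:", grant)
```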