>how do you set up those permissions without a god object
Let the operating system define default granted permissions for OS apps.
Have the OS let the user grant permissions at install / runtime for apps.
> Letting the operating system define granted permission for OS apps.
We're heading that direction right now, and it will be the OS vendors who decide what programs you have permissions to run and which ones you can't.
That's a concept that HN seems to detest.
If an app requires a permission, how does the OS know that it's OK to grant it? For example, I want to back up my system, so I install an app which needs a permission called "bypass any file access control and let me read every file". How does the OS know it's legitimate and not malware trying to steal data?
It could be "this requires a special digital signature from the OS manufacturer" -> then the private key of this digital signature is a "god object"
It could be "this requires confirmation from the physically present user" -> then you basically have passwordless sudo
It could be "this requires the user's PIN/password/biometrics" -> then you have regular sudo
Either way, there is some source of authority in here, even if it's called "root key" or "user pin" instead of "root account".
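To make the point concrete, here is an added toy permission broker (not code from anyone in the thread) that models the three grant rules above for the hypothetical "bypass_file_acl" permission; the vendor key and PIN are constructed sample values, and every decision is logged with the authority it ultimately rested on.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Optional

# Constructed stand-ins: the OS manufacturer's signing key and the user's PIN hash.
VENDOR_KEY = b"constructed-vendor-root-key"
USER_PIN_HASH = hashlib.sha256(b"1234").hexdigest()


def vendor_sign(app_name: str) -> bytes:
    """Vendor 'signature' over the app name (HMAC standing in for a real PKI signature)."""
    return hmac.new(VENDOR_KEY, app_name.encode(), hashlib.sha256).digest()


@dataclass
class App:
    name: str
    requested: set          # permissions declared in the app's manifest
    vendor_sig: Optional[bytes] = None


@dataclass
class Broker:
    # permission -> "vendor_signature" | "physical_user" | "user_pin"
    policy: dict
    audit: list = field(default_factory=list)

    def grant(self, app: App, perm: str, user_present: bool = False,
              pin: Optional[str] = None) -> bool:
        if perm not in app.requested:           # not in the manifest: never granted
            ok, authority = False, "not requested"
        else:
            rule = self.policy.get(perm, "deny")
            if rule == "vendor_signature":      # authority is the vendor's private key
                ok = app.vendor_sig is not None and hmac.compare_digest(
                    app.vendor_sig, vendor_sign(app.name))
                authority = "vendor root key"
            elif rule == "physical_user":       # authority is whoever is at the keyboard
                ok, authority = user_present, "physically present user"
            elif rule == "user_pin":            # authority is knowledge of the PIN
                ok = pin is not None and hmac.compare_digest(
                    hashlib.sha256(pin.encode()).hexdigest(), USER_PIN_HASH)
                authority = "user PIN"
            else:
                ok, authority = False, "no policy"
        self.audit.append((app.name, perm, ok, authority))
        return ok
```

Whichever rule is chosen, the audit record names the thing that actually authorised the grant, which is the "source of authority" the comment is talking about.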