Yeah, it sounds promising but far from simple in practice. :)

There were some early attempts in mobile Linux distros, like original Ubuntu Touch or even Nokias MeeGo and it turns out the main issue is actually improving security while not blocking whole categories of applications from working.

In the early Ubuntu Touch case I remember that you had to as a user allow your image viewer access to individual pictures from SD card, one by one, to see them in the app. This made it basically useless.

In the MeeGo use case IIRC third party chroot/shell environments like Termux were impossible due to the way their security/sandboxing system was setup. At the same time all apps had internet and microphone access & it was impossible to disallow it per app.