> I suppose it's possible that an OS could shim the dialog boxes for file selection, open, save, etc... and then transparently provide access to only those files
Isn't this the idea behind Flatpak portals? Make your average app sandbox-compatible, except that your average bubblewrap/Flatpak sandbox sucks because it turns out the average app is shit and you often need `filesystem=host` or `filesystem=home` to barely work.
That kind of thing (with careful UX design) is how you escape the sandbox cycle though; if you can grant access to resources implicitly as a result of a user action, you can avoid granting applications excessive permissions from the start.
(Now, you might also want your "app store" interface to prevent/discourage installation of apps with broad permissions by default as well. There's currently little incentive for a developer not to give themselves the keys to the kingdom.)
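As an added example (not code from any commenter or from the Flatpak project), here is a small POSIX shell audit that flags the kind of broad `filesystem=host` / `filesystem=home` grants discussed above, run over constructed `[Context]` text in the format `flatpak info --show-permissions` prints; `com.example.App` is a placeholder id.

```shell
# Added example: audit a Flatpak app's [Context] permissions for broad
# filesystem grants (host, host-os, host-etc, home) that bypass portals.
# Input is the text `flatpak info --show-permissions <app>` prints; the two
# samples below are constructed, and com.example.App is a placeholder id.

# Print every filesystem token that grants whole-host or whole-home access.
# Negated entries such as "!home" are not matched, since they revoke access.
broad_fs_entries() {
  printf '%s\n' "$1" \
    | sed -n 's/^filesystems=//p' \
    | tr ';' '\n' \
    | grep -Ex '(home|host|host-os|host-etc)(:ro|:rw|:create)?'
}

# Exit 0 when the context contains at least one broad grant, 1 otherwise.
has_broad_fs() {
  [ -n "$(broad_fs_entries "$1" || true)" ]
}

# Constructed: an app that needs filesystem=host "to barely work".
SAMPLE_BROAD='[Context]
shared=network;ipc;
sockets=x11;wayland;
filesystems=host;xdg-download;'

# Constructed: an app that only holds a read-only download dir and otherwise
# gets files through the FileChooser portal (no filesystems entry needed).
SAMPLE_PORTAL='[Context]
shared=network;ipc;
sockets=wayland;
filesystems=xdg-download:ro;'

# $1: label, $2: context text. Reports broad grants and the per-user fix.
audit() {
  if has_broad_fs "$2"; then
    echo "$1: broad grant(s): $(broad_fs_entries "$2" | tr '\n' ' ')"
    # Revoke such a grant for an installed app without rebuilding it, e.g.
    #   flatpak override --user --nofilesystem=host com.example.App
  else
    echo "$1: no broad filesystem grant"
  fi
}

audit broad "$SAMPLE_BROAD"
audit portal "$SAMPLE_PORTAL"
```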
It reminds me of that XKCD: https://xkcd.com/1200/