I know exactly what you're saying, but I didn't say it wouldn't reduce flexibility, neither did I say a daemon would be able to access everywhere and anywhere. I said if Apple could/has created daemons to find ways of having the functionality other apps have using a sandboxed system (via signing, pre-authorising, app preferences, whatever), which is entirely possible. This is forward thinking, and a step in the right direction.
So 2 steps back, 1 step forward. Gotcha.
The point is, the daemons don't restore functionality, they push burden onto the user to interact where no interaction was required before. That's a step in the wrong direction as far as usability goes, no matter what security it brings forth.
And that brings us back to security being a balancing act. Too much security and the flexibility and usability become a nightmare. Too little and the system can get compromised/hosed through misbehaviors.
I believe these Sandboxes are actually too much security. The filesystem already has proper ACL support, so do the device accesses, and they are abstracted by proper kernel drivers that can sanitize input/output anyway.
Not to mention if Apple actually introduces so many of these daemons to permit poking holes all over the sandbox, you're basically back to square 1, with more user interaction and now the following problems:
- These daemons are vectors of possible exploitation even through sandboxed applications. Poking through the sandbox is one thing, but if a sandboxed process manages to exploit a flaw in these daemons (and the more there are, the more probability of holes being found there is), it might get elevated privileges it wouldn't have had through simply a non-sandboxed application.
- All these daemons will require memory to run, they will need to be active processes, they will need IPC mechanisms. Why would I want to slow down my system? Can't I just let the application run non-sandboxed instead? Apple seems to not be allowing the user the chance to "trust" vendors with this scheme. Guess what, I don't need Apple to do hand holding to tell me who I should and shouldn't trust.
I know right now it is not perfect, but again I doubt Apple's end goal is to reduce apps' functionality overall and completely remove certain types of apps from their operating system, and if you do think that is their end goal then you're being incredibly short-sighted.
Think about it, that doesn't actually make sense.
When has Apple done what makes sense? Apple does whatever Apple wants to do, sense has nothing to do with it. They've done plenty of boneheaded moves in the past and while it brought them profit and popularity, it chased away the minority it impacted.
These sandboxes make sense for smallish utility apps that have almost no automation. It makes sense for apps that are self-contained and work on user supplied datasets.
However, you can't force everything into this model. It just doesn't work and it never quite will. Because again, no matter what you try, as soon as you introduce these sandboxes, you've just hit "compromise lane".