I guess my point was that we have different OS's precisely because people want to do things in different ways. So we can't have generic ways to do them.

OS generic filesystem permissions would be like a OS generic UI framework, it's inherently very difficult and ultimately limited.

Separately, I totally sympathise with you that the OS solutions to networking and filesystem permissions are painful to work with. Even though I'm reasonably comfortable with rwx permissions, I'd never allow untrusted code on a machine which also had sensitive files on it. But I think we should fix this by coming up with better OS tooling, not by moving the problem to the app layer.