Hacker News new | comments | show | ask | jobs | submit login

How to request capabilities at run time?

Android has shown that the approach of asking for a list of capabilities while installing does not work for user-facing applications. Apps will grab just as much as capabilities as possible and users will blindly accept the long list without reading.

The same way mach does it.

You send a message to a process that dishes out capabilities and it responds with a handle/port/object that encodes those capabilities.

If the only options available are granting all requested permissions at once or not installing at all, they'll often blindly accept, yes.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | DMCA | Apply to YC | Contact