AFAIU SFOS 4.x has introduced sandboxing for a few (more) apps, like Firefox? And it uses firejail for this?
Firejail has been doing this for a long time now (originally for Firefox as the name implies) and if they decided that the Firefox profile is allowed to read some files in /etc, just like a normal user can, then that’s it.
That’s the beauty of SFOS, it works like a Linux distro, no need to worry about Google’s mobile OS paradigm anymore.
That said, there’s been criticism of firejail not being secure enough. I suspect it’s the same security-buzzword-crazy Android millenials parroting that, but there it is.
But hey, I’m talking out my arse. I don’t positively know if SFOS 4.x uses firejail to sandbox Firefox, and whether it uses the default Firefox profile or something else…?
Clarifying that would be the next constructive step.