I just discovered the Storage Scopes feature (thank you, Graphene team) and it fits exactly what I want to do with my non-FOSS apps that I unfortunately kind of just need.
For the sake of keeping it unrepetitive, ~
means /storage/emulated/0
(or whatever Graphene's user home directory path is).
I created the directory ~/ProprietarySandboxOfDoom
which I gave Slack access to only. I assume the point of Storage Scopes is that it should now only be able to find files within that directory, or its internal directory. However, when I select a file to send to someone in Slack, it can send files from any directory under ~
which entirely defeats the purpose of limiting it to that one directory.
Am I missing a step? I force-closed Slack and relaunched it, to see if the restricted storage access needed a relaunch to be applied. But it's still able to send files from any directory.
Any ideas?