desperatemouselives Is there a way to do that?
Not that I know of.
desperatemouselives It seems like the safest solution and a basic function
Can I ask why? SMS and Phone access are already protected by permissions in AOSP. Being careful with those permissions is the safest solution. If you still want to keep calls and SMS isolated from other apps, maybe keep them in the Owner profile and otherwise keep the Owner profile completely empty.
desperatemouselives is there a sandboxing app that could help
All apps already run from within the app sandbox.
desperatemouselives Also: how can I allow mobile data ONLY in a secondary profile? I don't want to have mobile data on all the time in my Owner prodile just be able to use it in a secondary profile.
This kind of setting is global, so it's not possible to change it for just one profile.
A workaround could be installing a VPN in the Owner profile, then disabling the VPN from within the app. By default, all connections from within the profile will be routed through the VPN that's set up, but since it's disconnected, no internet traffic will be allowed through.
desperatemouselives Call forwarding does not seem to work in my secondary profile (the menu line is missing). Is there a way to resolve that issue?
It's possible only Owner can do that (though I don't actually know this and I'm just guessing, but there are some settings that, apparently, only Owner can set, including those found in the Phone app).