I took the "granularity doesn't cut it" comment to mean there aren't enough entitlements to eliminate the need for custom SBPL. Followed by a sentence about apps that have temporary exception SBPL. Combining the two seems to imply that if there were more entitlements the custom SBPL might not be necessary. In the followup you noted; the split in reasoning and evaluation is rough and potentially not needed. I read this as a conclusion of wanting to do something, but could not as there were not enough entitlements to make it work, so custom SBPL would be necessary.
selridge|8 days ago
VogonPoetry|7 days ago