This publication describes systems and techniques for providing a policy-defined data access model for enforcing data access limits in place of a permission-protected data access model. An operating system of a computing device may implement the policy-defined data access model to enforce data access limits for applications and processes that decouple permissions from policies. That is, even when an application is permitted by the operating system to access certain data, the operating system may apply and enforce policies that restrict the application’s access to the data in certain ways based on factors such as an application’s purpose for accessing certain data, the semantics of the data to be accessed by the application, the context of the application, the features of the application attempting to access the data, and the like.

In some examples, an operating system can apply and enforce policies that limit an application’s access to data captured by sensors of a computing device, such as data captured by cameras, microphone, location sensors, and the like. For example, the policies may limit the resolution of images captured by the cameras that can be accessed by an application, limit the application to accessing specific cameras, limit the quality of audio data captured by microphones, and the like, based on the factors described above.

Creative Commons License

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.