I understand the risks, but just because they theoretically exist doesn't mean that they pose an active threat in all scenarios, or that they can't be mitigated.

The idea of locking the system down completely and preventing anyone from accessing it is technically more secure, but it creates many practical issues for tech-savvy people who want full control over their devices, which is the vast majority of the GrapheneOS user base.

If SELinux can mitigate the risks, then sure, let's use that. I don't really care what the technical solution is to this problem.

I'm just saying that:

a) As a user of an OS I want to be allowed full control over my device and not have babyproofed functionality because "it's for my own good". That is the realm of walled garden OSs from most major corporations which I deliberately avoid by using GOS in the first place.

b) My personal threat model doesn't involve using a bunch of untrusted applications, and I'm fine with trading some security for convenience. If the risks from choosing convenience can't be mitigated, then my OS should be flexible enough to allow me to make that choice. Other OSs can do this, so why can't GOS? I'm inclined to believe that there's no technical reason for it, but it's something that maintainers simply don't want to support. Which is fine, it's their project and their prerogative, but then let's not pretend that this is a discussion about security.