In the field of computing, applications may be configured to execute in various contexts. An application may execute natively, such as a basic process executing in an operating system, and may be delegated a full set of access rights accorded to the user executing the application. Alternatively, an application may execute within a virtual environment, such as a web application executing in a web browser. However, applications may originate from a variety of sources, many of which may be untrusted, and an incorrectly or maliciously written application might interfere with aspects of the computing environment, such as deleting files in the filesystem, corrupting user profiles, or stealing passwords and other security credentials from the operating system. Applications may also work with particular or sensitive data that might be compromised by other applications. Therefore, virtual environments often implement an isolation policy for various applications, such as restricting access of the application to the computing environment and restricting access to application resources of an application by other applications. Some virtual environments may permit a coarse-grain adjustment of the isolation policy for different applications, e.g., by identifying an application (or a set of applications, e.g., any web application hosted on a particular website) as “trusted” and authorizing the application for a broader set of access privileges to the computing environment.