Existing application programs such as web browsers include or host executable code from third parties. The executable code allows the third parties to, for example, access resource and/or collect data available from the computing device. Although such existing application programs often provide enhanced user experiences, these application programs also raise security and privacy issues. For example, existing mobile computing devices such as cellular telephones or personal digital assistants (PDA) have global positioning system (GPS) capabilities. Executable code on these devices may include programs or scripts (e.g., such as executed by a web browser) designed to request or even steal vulnerable information such as location information (e.g., global positioning system information) from the mobile computing device.
Some existing systems include separate, layered access policy rules for controlling access by application programs to device resources. For example, if a user authorizes a browser to access particular resources on a mobile computing device and if the browser exposes that capability to web pages, then every web page (malicious or not) rendered by the browser has access to the particular resources. Additionally, operating systems within the existing systems may also provide a policy system to administer these access constraints. However, the existing systems lack, among other things, more granular control over access to the resources.