Is there a reason SELinux/AppArmor policies couldn't be live edited for that kind of purpose? As it is it would require root, but wouldn't it be possible to extend security rules with user rules which could add restrictions but not lift system-wide restrictions? This (hypothetical) way we'd package eg. GIMP with a user profile restricting it to ~/Documents and /media/USERNAME, but you could then grant it additional permissions (eg. to ~/Pictures).