Per-application permissions for sandboxed applications

1. What actually happened or you saw:
As it is now, we have Protected Data Folders to specify files or folders we want to hide from sandboxed applications. There are also two options in the sandbox settings not to virtualize access to files/folders and registry keys/values respectively.

2. What you wanted to happen or see:
Keep it as it is now for global permissions but also allow us to set these settings for individual applications that are auto-sandboxed.

3. Why you think it is desirable:
It would allow greater control for advanced users on what resources a sandboxed application can access.

4. Any other information: