Create a strict skeleton-abstraction for system applications that have wide access (text editors) and then only grant broader file access (in the child profile) based on the application that executed said child profile.
