I think Apple doesn’t want third-party developers to compose their own sandboxing rules, because it’s pretty hard to do that in a way that can’t be escaped and that doesn’t break Apple’s frameworks. They provide the Mac Application Sandbox profile for third-party developers. That profile is quite flexible, and if you’re not targeting the Mac App Store there are some ways to add rule exceptions.
