Well, you could include the standard file operations (launch the program by double-clicking that file; save that particular file; secure "save-as" selection provided by the OS) as managed parts of the sandbox, and have a functional app that is unable to open and change any files that the user doesn't intentionally choose.
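A small model of the arrangement described above, added here as an illustration and not part of the original comment: a trusted broker records which files the user picked (by double-click or through a save-as dialog), and the app can only get handles through it. The names `Powerbox`, `user_double_clicked`, `user_chose_save_as` and `open_granted` are hypothetical, and a real sandbox would enforce the boundary in the OS rather than in Python.

```python
import os
import tempfile

class Powerbox:
    """Trusted side (stands in for the OS); the only code allowed to call open()."""
    def __init__(self):
        self._granted = {}  # resolved path -> access modes the user's action granted

    def _grant(self, path, modes):
        real = os.path.realpath(path)  # resolve symlinks before recording the grant
        self._granted[real] = modes

    # User actions: driven by the shell or the OS file dialog, never by the app.
    def user_double_clicked(self, path):
        self._grant(path, "rw")  # open that file and later save it in place

    def user_chose_save_as(self, path):
        self._grant(path, "w")   # write-only access to the chosen target

    # The single file call exposed to the sandboxed app.
    def open_granted(self, path, mode):
        real = os.path.realpath(path)
        allowed = self._granted.get(real)
        if allowed is None or any(m not in allowed for m in mode):
            raise PermissionError(f"no user grant for {mode!r} on {real}")
        return open(real, mode)

def _read(path):
    with open(path) as f:
        return f.read()

def demo():
    """Constructed scenario: edit the chosen file, fail on another, then save-as."""
    box = Powerbox()
    d = tempfile.mkdtemp()
    doc, other, copy = (os.path.join(d, n) for n in ("doc.txt", "other.txt", "copy.txt"))
    for p in (doc, other):
        with open(p, "w") as f:
            f.write("original")
    box.user_double_clicked(doc)
    with box.open_granted(doc, "r") as f:
        text = f.read()
    with box.open_granted(doc, "w") as f:
        f.write(text + " edited")
    try:
        box.open_granted(other, "w")  # same directory, but never chosen by the user
        denied = False
    except PermissionError:
        denied = True
    box.user_chose_save_as(copy)
    with box.open_granted(copy, "w") as f:
        f.write("copy")
    return denied, _read(doc), _read(other), _read(copy)
```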