Linux – How to use SELinux to reject applications’ modifications to home directory

Tags: permissions, selinux, xdg, xdg-user-dirs

I have grown to be annoyed by applications ignoring the XDG base directory specification.

What's the best way to deny applications any changes to the home directory except in the specified directories .config, .cache and .local?

Best Answer

Give these locations private types and then block access to generic home content (this is the user home content base type, meaning everything in user home that does not have a private type falls back to the generic user home content type).

In practice, though, that is going to make things ugly, since you may want to share generic user home content between applications.

Example:

Download a PDF with your web browser, save it to ~/Downloads, then send that same PDF from ~/Downloads to someone with a mail client.

However, your goal is relatively simple in comparison. Just identify the programs that do not adhere to XDG standards, target them, and then block access to generic content. These programs will break regardless.
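One way to put the answer's approach into a policy module, added here as an illustration and not taken from the post: a hypothetical confined domain `strictapp_t` for the offending program, private user-home types for its three XDG directories, and no rule at all for generic `user_home_t` content, so writes there are denied by default. Names prefixed `strictapp` are assumptions; the domain transition from the user's session and the program's other permissions are omitted.

```selinux
# --- strictapp.te (refpolicy-style module) ---
policy_module(strictapp, 1.0.0)

# Hypothetical domain for the program, entered via its executable type.
type strictapp_t;
type strictapp_exec_t;
application_domain(strictapp_t, strictapp_exec_t)

# Private types for the program's XDG directories; marking them as user
# home content keeps them within the user-home type hierarchy.
type strictapp_config_home_t;
userdom_user_home_content(strictapp_config_home_t)
type strictapp_cache_home_t;
userdom_user_home_content(strictapp_cache_home_t)
type strictapp_data_home_t;
userdom_user_home_content(strictapp_data_home_t)

# Full control only over the private types.
allow strictapp_t strictapp_config_home_t:dir manage_dir_perms;
allow strictapp_t strictapp_config_home_t:file manage_file_perms;
allow strictapp_t strictapp_cache_home_t:dir manage_dir_perms;
allow strictapp_t strictapp_cache_home_t:file manage_file_perms;
allow strictapp_t strictapp_data_home_t:dir manage_dir_perms;
allow strictapp_t strictapp_data_home_t:file manage_file_perms;

# Generic home content: only directory traversal, so the private
# directories can be reached. No write/create rule on user_home_t
# exists, which is what blocks the dotfile litter in $HOME.
userdom_search_user_home_dirs(strictapp_t)
userdom_search_user_home_content(strictapp_t)

# --- strictapp.fc (file contexts; HOME_DIR expands per user) ---
# HOME_DIR/\.config/strictapp(/.*)?      gen_context(system_u:object_r:strictapp_config_home_t,s0)
# HOME_DIR/\.cache/strictapp(/.*)?       gen_context(system_u:object_r:strictapp_cache_home_t,s0)
# HOME_DIR/\.local/share/strictapp(/.*)? gen_context(system_u:object_r:strictapp_data_home_t,s0)

# Build, load and relabel (run as root, with the policy devel package installed):
#   make -f /usr/share/selinux/devel/Makefile strictapp.pp
#   semodule -i strictapp.pp
#   restorecon -R ~/.config ~/.cache ~/.local
```

Stray writes to `~/.somethingrc` then show up as AVC denials for `strictapp_t` on `user_home_t`, which is how you confirm the program really ignores XDG before deciding whether to keep it confined.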
