It is something that requires a broad solution.
You can implement this by enforcing rules via D-Bus, mount points, and UIDs & GIDs. You may now begin searching the internet to get a workable background on the solution. Google is your friend.
When you come back with a certain "specific question", then we can give you specific answers too.