Just to add a bit of history--there was a little known software product, a name which I cannot remember or find, in the early 2000s for Windows NT based operating systems, which hooked API calls of Windows applications to implement seccomp-like filtering for random Windows applications. I recall it allowed users to restrict an application to not perform certain system actions, access certain folders/files, etc. It was well ahead of its time for early 2000s operating system hardening and I think may have been an inspiration arising from early 2000s rootkits.

It predated https://github.com/sandboxie-plus/Sandboxie but Sandboxie is an example (from 2004) of a similar project that has a longer development history. There have been other similar projects that have come and gone over the years too.