Access control is the operating system's job, and modern OSes already provide plenty of great tools for doing that.

Just use the existing sandboxing infrastructure like bubblewrap, seccomp, etc. I have way more faith in that than in something than some regex-based blocklist.