interested in an inclusion/exclusion list FOR downloading files, as part of a Shield access policy.

Ex: If Owners/Co-Owners/Editors are OK to download they want control the file types they can download. I know you can control this by just creating a separate classification and policy but that could cause too many of them. Better to create an filetype inclusion list