Document Providers (Storage Access Framework) - scopes/expiry

monozygote

I was trialling DroidFS. It creates/reads encrypted files and dirs in some root dir you point it to and mounts them as sort of virtual drive available via file-view/system-picker. I didn't know what this means so a brief search led me to terms like Storage Access Framework and document providers. I also found GOS's brief explanation on it :

Additionally, both modern and legacy Android apps can open the system file picker interface to have the user store or load one or more files/directories on their behalf. This type of access doesn't require any of the permissions listed above. Using this approach gives the user control over where files are stored in their home directory and which files/directories can be used by the app. This is based on the Storage Access Framework (SAF) [...] allows the user to grant access to files/directories in [...] app-based storage providers such as [...] an encrypted volume [...] This is the only way to use those app-based storage providers

So no app can access these "virtual" paths/mounts/whatever without explicitly asking the user to choose it for them using system picker, right?
Once I choose say file (or dir) foo/bar in there, the app can read/write to it. I'm assuming that since this is not a regular path and can disappear if the document provider (correct terminology? ) is locked/exited, there's probably some other stuff that's exchanged and the app uses that to read/write. Is that "some other stuff" permanent? Ie. can the app cache it somewhere, retrieve it later and access the file/dir again? Does it survive say the DroidFS being locked and then later unlocked again? If so is there a way to "revoke" this so that the app has to ask me to choose it again if it wants access to it?
Is there an equivalent of "Always allow/Allow only when using app/Only this time" for accesses to such virtual paths?

Normally with storage scopes I could just remove the file/dir from the storage scope and app wouldn't be able to see the dir/files anymore (assuming they were created by other apps). What is the equivalent here?