Comment 2 for bug 1848919

Encrypted home is typically setup as ~/.Private, not ~/Private and the policy already allows:

  owner @{HOME}/.Private/** mrixwlk,
  owner @{HOMEDIRS}/.ecryptfs/*/.Private/** mrixwlk,

The home interface should already allow ~/Private. What is the denial you see in the logs?