So for example, you could subtype cr_revision or whatever to determine the type. But of course, there are no permissions on object_types.
What I have done in the past is create a special object per "type" of thing I need to permission and check permissions on that object. of course that is a pain if you want to do that on top of file storage, which is not aware of these types.
Well then again, to define the type you'd need to map it somehow so you need a mapping table somewhere. This could be categories.
That seems like a good compromise, but you still have to check permissions on the category the object is mapped to.
I imagine you want custom package_id/type permission mappings, so that a user or group would have permission for certain types within an instance of file storage.
Even if you make object types objects and applied permissions on those, it would apply overall, not within a certain package instance.