actually, the admin/role-policies interface for the content module doesn't allow me to set permissions on content depending on the siteaccess (i can use this interface for setting permissions for node, subtrees, sections, etc).
so i guess i have to extend the content module policy code. But since it's an important kernel module i would be glad if someone could point me to the "bestpractices" for doing this kind of things.
A simpler is to write a template override for the articles/folders in question - restrict the template's use by node_id. Then show nothing or a fobidden message in place of the content in question. You also could create a new class (based on article etc.) so that the template would always apply to that specific class as opposed to listing specific nodes.
You may want to hide the nodes in question from any menus/recently published items lists you use too.