"...you can't truly separate policy from function, because they're indivisible in a security-conscious application, yet SELinux makes it very difficult to integrate policy into the development process."
Could you elaborate on this a bit? How is policy development difficult to do in parallel with the development process? Is it just that people neglect it and leave it to the end? I really don't see it being a difficult thing that, when you're coding your logging code for your application, you also add the necessary policy to make sure that your program can use it and labels the files correctly.