"So and AppArmor and SELinux and Smack and Tomoyo would need to be written with all possible permutations in mind?"
Why would AppArmor need to know anything about SELinux?
A special stacking-driver should think like: "Oh, we have a file request. Let's see: - we need to pass it to AppArmor first. Done, result is OK. Then we need to pass it to Yama, result is OK. So we can perform the action".
At no point does AppArmor need to know that after it returns 'OK' further checks will be carried out.
"That sounds absolutely hellish to analyze and test. Remember, we're talking about security here -- failure is far worse than a kernel panic."
Those who need NSA certification can go and make love with SELinux.
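The stacking behaviour the comment describes, as an added toy example in C (not the commenter's code and not the kernel's LSM framework): a dispatcher walks a fixed list of independent hooks for one file request, the first hook that denies ends the walk, and no hook has any knowledge of the hooks that run after it. The module names, the `file_request` struct and the per-module policies are constructed for illustration.

```c
/* Toy model of an LSM-style stacking dispatcher (added example, not kernel code).
 * Each "module" is an independent hook that returns 0 (allow) or -EACCES (deny)
 * and knows nothing about the other modules in the stack. */
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct file_request {
    const char *path;   /* file being opened */
    int write;          /* 1 if the request is for write access */
};

typedef int (*file_hook)(const struct file_request *);

/* Per-module call counters so a reader can observe the short-circuit. */
static int call_count[3];

void reset_call_counts(void) { memset(call_count, 0, sizeof call_count); }
int hook_calls(int module_index) { return call_count[module_index]; }

/* Hypothetical module A: denies writes under /etc. */
static int mod_a_file_open(const struct file_request *r) {
    call_count[0]++;
    if (r->write && strncmp(r->path, "/etc/", 5) == 0) return -EACCES;
    return 0;
}

/* Hypothetical module B: denies any access under /secret. */
static int mod_b_file_open(const struct file_request *r) {
    call_count[1]++;
    if (strncmp(r->path, "/secret/", 8) == 0) return -EACCES;
    return 0;
}

/* Hypothetical module C: has no opinion on file opens. */
static int mod_c_file_open(const struct file_request *r) {
    (void)r;
    call_count[2]++;
    return 0;
}

/* The stack: order is fixed by the dispatcher, not by the modules. */
static const file_hook file_open_stack[] = {
    mod_a_file_open, mod_b_file_open, mod_c_file_open
};

/* Dispatcher: call each hook in order; the first non-zero (deny) result wins
 * and the remaining hooks are skipped. A module that returned 0 never learns
 * whether a later module denied the request. */
int security_file_open(const struct file_request *r) {
    size_t n = sizeof file_open_stack / sizeof file_open_stack[0];
    for (size_t i = 0; i < n; i++) {
        int rc = file_open_stack[i](r);
        if (rc != 0) return rc;
    }
    return 0;
}

int main(void) {
    /* Constructed sample requests. */
    struct file_request reqs[] = {
        { "/etc/passwd", 1 },   /* denied by module A */
        { "/secret/key", 0 },   /* passes A, denied by B */
        { "/tmp/scratch", 1 },  /* allowed by all three */
    };
    for (size_t i = 0; i < 3; i++) {
        reset_call_counts();
        int rc = security_file_open(&reqs[i]);
        printf("%-14s write=%d -> %s (hooks called: A=%d B=%d C=%d)\n",
               reqs[i].path, reqs[i].write, rc ? "DENY" : "ALLOW",
               hook_calls(0), hook_calls(1), hook_calls(2));
    }
    return 0;
}
```

The call counters make the point concrete: when module A denies, modules B and C are never invoked, and when A allows, it has no way of knowing what B decided afterwards.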