"I agree with you that usefulness (or easiness) is important in general, but it cannot be the most important issue when talking about security. (sorry, if I'm too serious)"
The most important thing in a security system is not its capabilities, but its ease of use. And I'm absolutely serious.
Most of security requirements of real sysadmins not complex. For example, I just want my BIND server to have access only to a few directories. I don't really worry that someone might create a hardlink to it and use it to bypass the path-based security - it can only be done if an attacker has local access, and I'm already screwed in this case. So I can gladly sacrifice some theoretical vulnerabilities for usability.
Label-based MACs do not make these kinds of security easy. SELinux can do insane things like row-level security in PostgreSQL based on a unix login user name. But I don't know any system administrator who uses SELinux.
Another example, Windows NT ACLs - they are beautiful, they can do a lot of things, they have all these wonderful inheritable permissions, negative ACEs, etc. But nobody really use them! Because it's way too hard to understand them. So Windows systems generally are less protected than Unix systems which still mostly use simplistic 40-year-old security model! In fact, on my Ubuntu system only /dev/audio and associated devices use POSIX ACLs.
PS: I meant it would be nice if AppArmor policies could be converted to TOMOYO.