SELinux is complicated pretty much no matter what you do. You can use some of those tools to make it easy...
What we need in Linux is something like Windows XP SP2 and newer Windows versions have. We would probably call them 'Roles', but in Windows-land they are called Zones.
Each Zone has different level of privileges and NTFS Alternate Data Streams (extra metadata stored with the file in the file system) contains labels that tell the desktop what security zone that file is associated with.
Basically if you download a file using Internet Explorer it will place the file in the 'Internet Zone'. Then programs using it will worn you about it and you'll get security pop-ups and all that stuff.
We need that for the Linux desktop.
Most Desktops are going to be single user only. Even in enterprises the user will not be allowed to have admin privileges, but they will probably be the only user on that. On a desktop computer, even in enterprise desktops, the most important information is going to be contained and accessible from that user account.
Therefore the traditional restrictions that Unix imposes on user accounts is not terribly useful for protecting that user.
Any program I run, no matter how trivial, has full access to all my data and has full access to everything I do and everything I have access to.
So what is needed is a way to restrict programs I run to only having the privileges that they need, not what I need. Then we need a way to track information, such as text files that can contain shell scripts or document files that can contain macros.
A easy way to setup policies (preferably through a LSM MAC for robustness) is going to be extremely important to improving the security of the Linux desktop. If we got that it would certainly be a huge step ahead of Mac OS X and Windows in terms of desktop security.
I don't think that SELinux, the way it is now, will ever be a good match for that.