They would: the problem is, essentially: "Should we allow this interaction, which is between a process and something else outside that process?"
The answer, clearly, depends on what the interaction is, which means that the security module doing the evaluation must *know* all the possible interactions.
That way, clearly, lies madness, as our Esteemed Editor implies.
Your expansion, though, explains why this hasn't been fixed: the problem isn't syntactic. It's semantic. It doesn't really matter how you express it: there needs to be a way to have these conversations, on all by the most trivial implementations, and there's no way to predict what they will be... 10 years from now.