I assume you mean labels instead of handles.
AppArmor's design is around paths not labels, and independent of whether or
not you like AppArmor, this design leads to a useful security model distinct
from the SELinux security model (which is useful in its own ways). The
differences between those models cannot be argued away, neither is a subset
of the other, and neither is a misdesign. I would be thankful if you could
stop spreading this lie.
You are quite mistaken. SELinux turns pathnames into labels when it initially
labels all files (when a policy is rolled out), whereas AppArmor computes
the "label" of each file when a file is opened. The two models start to
diverge as soon as files are renamed: in SELinux, labels stick with the
files. In AppArmor, "labels" stick with the names.
So what you advocate for is a hybrid between the SELinux and the AppArmor
model, not a superset.
It could be that the SELinux folks will solve the issues they are having with
new files using something better than restorecond in the future, perhaps even
an in-kernel mechanism (although I somewhat doubt it). But then again, their
basic model makes sense even without any live file relabeling, and so that's
probably not very high up on the priority list.
Andreas
-