Really it would need to extend all action-match items with new
"named_" equivalents, and most callbacks would need to be extended to
pass in an object name, if available. On the other hand, with such
support implemented then the AppArmor policy compilation tools could
be transformed into a simple SELinux policy generator. I estimate
that the number of new lines of kernel code for such a modified
SELinux would be 100x less than the kernel code in AppArmor.