Since a policy writer doesn’t know what files a user would open with their word processor it must essentially run with the users normal privileges, which makes it able to access anything the user can, clearly not least privilege.

That seems like quite a big admission. You’re basically saying that SELinux is not much use for GUI applications such as word processors because these programs must be run with the user’s full authority.

Isn’t the answer to this to have a security system that allows authority to be granted dynamically? Then the word processor can be dynamically granted access to the individual files that the user wants to edit. Otherwise, if you have a purely static system, the policy must grant the word processor access to every file the user might want to edit.

A user’s mail client obviously can be restricted to a user’s mail directory and be restricted from the rest of the user’s files

What if you want to send a file as an attachment? I think the e-mail application would need at least as much access as the word processor.