A turing-complete specification language is open-ended.

It's also unwieldy (does it halt?) and possibly dangerous (does it cause the system to do something bad even in just evaluating the policy?).

Without turing completeness the language might not be expressive enough.

But something that can say "I trust that code over there with this SHA. If it says 'true' then you can declassify that information" makes lots of policies possible to express in an open-ended way.