The Policy parser for the default java.policy is done by the JVM. There is very limited flexibility in altering that.
If you really want total control, then you will need to write your own policy implementation with its own parsing etc.
The question I would ask is what are your use cases?
at runtime or after container starts we have to deploy multiple deployable units (DU - just an abstraction). each component from DU may have element in its descriptor (which we parse and it is available as POJO) which contains string formatted accordingly to rules of policy.file.
Now upon deploying component we need to load those policies, when component is undeployed we have to remove them.