Row-filtering/column-masking policies may have subqueries which involve some other tables. These tables can have associate policies as well. Currently, Impala won't check any policies on these tables, including access policies and masking policies (row-filtering/column-masking). The rational is these expressions are evaluated in admin's point of view. Another reason is to avoid recursive masking, and sometimes infinite recursive masking. E.g. a row-filter subquery can have tables that also have such kind of row-filters.
Although Hive also skipps applying masking policies recursively inside masking/filtering expressions, Hive still check access policies inside them. To avoid breaking users that depend on this, we'd better be compatible with Hive's behavior first.