Simplify matching selinux context of child zygote (#8845)

Author: aviraxp

native/src/core/deny/utils.cpp

@@ -10,6 +10,7 @@
 #include <base.hpp>
 #include <sqlite.hpp>
 #include <core.hpp>
+#include <selinux.hpp>
 
 #include "deny.hpp"
 
@@ -108,12 +109,11 @@ static bool proc_name_match(int pid, string_view name) {
 
 bool proc_context_match(int pid, string_view context) {
     char buf[PATH_MAX];
-    sprintf(buf, "/proc/%d/attr/current", pid);
-    if (auto fp = open_file(buf, "re")) {
-        fgets(buf, sizeof(buf), fp.get());
-        if (str_starts(buf, context)) {
-            return true;
-        }
+    char con[1024];
+
+    sprintf(buf, "/proc/%d", pid);
+    if (lgetfilecon(buf, { con, sizeof(con) }) >= 0) {
+        return str_starts(con, context);
     }
     return false;
 }