selinux: use grep to check api supports (#402)

This checks `selinux_state` and `current_sid` supports in a raw way.
Feels more reliable than the version checks.

Supersedes #401, fixes #280, fixes #400.

kernel/selinux/rules.c

@@ -22,7 +22,7 @@ static struct policydb *get_policydb(void)
 {
 	struct policydb *db;
 // selinux_state does not exists before 4.19
-#if LINUX_VERSION_CODE >= KERNEL_VERSION(4, 9, 337)
+#ifdef KSU_COMPAT_USE_SELINUX_STATE
 #ifdef SELINUX_POLICY_INSTEAD_SELINUX_SS
 	struct selinux_policy *policy = rcu_dereference(selinux_state.policy);
 	db = &policy->policydb;
@@ -170,9 +170,7 @@ static int get_object(char *buf, char __user *user_object, size_t buf_sz,
 // reset avc cache table, otherwise the new rules will not take effect if already denied
 static void reset_avc_cache()
 {
-#if ((KERNEL_VERSION(4, 14, 0) <= LINUX_VERSION_CODE) &&                       \
-     (LINUX_VERSION_CODE < KERNEL_VERSION(4, 14, 163))) ||                     \
-	(LINUX_VERSION_CODE < KERNEL_VERSION(4, 9, 337))
+#ifndef KSU_COMPAT_USE_SELINUX_STATE
 	avc_ss_reset(0);
 	selnl_notify_policyload(0);
 	selinux_status_update_policyload(0);