selinux doesn't help when the kernel itself has been compromized like this. Sandboxes from Android and containerisation tools like Docker do not protect you against this exploit. The only feasible method of restriction is full virtualisation (assuming that if you use KVM, last week's CVE-2026-53359 patches are rolled out everywhere).
Any app that can run native code execution on any version of Linux in the past fifteen years can get root until kernel updates arrive on your devices.