The problem with aa_query_file_path() is that you have to hand it a fully resolved path. After the trusted helper calls aa_query_file_path() but before it opens the file, a malicious app can modify a component of the file path to introduce a symlink that points elsewhere.
Note, this can be worked around by doing something like:
```
rpath = realpath(foo)  # 'foo' is the file the app wants
my_fd = open(rpath)    # get file descriptor
# Ensure the app didn't try to race us. We use readlink()
# because the kernel will have realpath'd
# /proc/self/fd/$my_fd already and we don't have to do
# it again.
if readlink(/proc/self/fd/$my_fd) != rpath:
    return false  # log suspicious activity, abort!
# At this point, we are sure that rpath is ok and we may
# do any checks on rpath so long as we pass my_fd to
# whatever needs it instead of reopening the file.
if aa_query_file_path(profile, rpath):
    return true and pass my_fd to whoever needs it
```
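The workaround above as runnable Python for Linux; this is an added example, not code from the original page or from AppArmor. `open_verified`, `open_for_app`, `RaceDetected` and the `policy_allows(profile, rpath)` callback are hypothetical names, and the callback stands in for the aa_query_file_path() call, whose real arguments the page does not show.

```python
import os


class RaceDetected(Exception):
    """The path resolved to a different file between realpath() and open()."""


def open_verified(rpath):
    """Open an already-resolved path and confirm the fd really refers to it."""
    fd = os.open(rpath, os.O_RDONLY | os.O_CLOEXEC)
    try:
        # The kernel reports the fully resolved path of the open file here,
        # so a symlink swapped into rpath after resolution shows up as a mismatch.
        actual = os.readlink(f"/proc/self/fd/{fd}")
        if actual != rpath:
            raise RaceDetected(f"{rpath!r} opened as {actual!r}")
    except BaseException:
        os.close(fd)  # never leak the descriptor on the failure path
        raise
    return fd


def open_for_app(profile, path, policy_allows):
    """Return an fd for `path` if policy allows it for `profile`, else None.

    policy_allows(profile, rpath) -> bool is a hypothetical stand-in for the
    aa_query_file_path() check described above.
    """
    rpath = os.path.realpath(path)
    fd = open_verified(rpath)  # raises RaceDetected on a swapped component
    if not policy_allows(profile, rpath):
        os.close(fd)
        return None
    return fd  # hand this fd on; never reopen rpath
```

A file that is unlinked after being opened also fails the comparison, because the kernel appends " (deleted)" to the `/proc/self/fd` link target.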