> So vulnerability in an image viewer would not give an attacker access to other apps' data.
By having separate user's per app, apps can't read each others' files by default. If one app has a vulnerability that can be used to acquire root, that app can read all files after disabling SELinux.
> If one app has a vulnerability that can be used to acquire root
To get root privileges you need to attack the kernel (or the application that has those privileges). Having a bug in an image viewer is not enough.
You can try to make obtaining root privileges more complicated only by reducing the attack surface with restricting system calls each application is allowed to make or with redesigning the kernel so that less code is executed in ring 0 (microkernel architecture).
But recent vulnerabilities like Dirty COW or rowhammer could work even in this case.
By having separate user's per app, apps can't read each others' files by default. If one app has a vulnerability that can be used to acquire root, that app can read all files after disabling SELinux.