It is, of course, also important to obtain the context of a resource if the application is SELinux-aware. This could be for logging purposes or to decide which domain to transition to (based on the resource context, current context, username, and so on).
To read the context of a resource, the following methods are available:
Given a file path, the following call to `getfilecon()` will provide the context of the file:

```c
#include <selinux/selinux.h>

security_context_t filecon = 0;
const char *path = "/etc/passwd";
int rc;

rc = getfilecon(path, &filecon);
if (rc < 0) {
    /* Call failed */
}
/* Do stuff with the context */
freecon(filecon);
```
To get the context of a process, assuming the `pid` variable (of the `pid_t` type) has the proper process ID in it, the following code is used:

```c
#include <selinux/selinux.h>

security_context_t pidcon = 0;
int rc;

rc = getpidcon(pid, &pidcon);
if (rc < 0) {
    /* Call failed */
}
/* Do stuff with the context */
freecon(pidcon);
```