API Changes
-
Explicit API for obtaining process contexts
- No longer stat_secure on /proc/pid inodes
- getcon(), getprevcon(), getfscreatecon(),getexeccon()
- getpidcon() for other processes
- Implemented via reads of /proc/pid/attr/*
-
File context API layered on top of xattr API
- [gs]etfilecon, l[gs]etfilecon, f[gs]etfilecon
- Hides xattr name, handles allocation of context buffers