Obtaining the label of a remote process is a two-step procedure. First, you must obtain the credential. Then, you must obtain the label from this credential.
The credential is in the ucred_t data structure of the remote process. The label is in the m_label_t data structure in the credential. After obtaining the credential of the remote process, you extract the label information from that credential.
The getpeerucred() function obtains the ucred_t credential data structure from the remote process. The ucred_getlabel() function extracts the label from the ucred_t data structure. In the get_peer_label() function, the two-step procedure is coded as follows:
if (getpeerucred(fd, &uc) == -1) return (-1); sl = ucred_getlabel(uc);
See get_peer_label() Label-Aware Function to view the source of the entire get_peer_label() routine.
For information about the two functions, see the getpeerucred(3C) and ucred_getlabel(3C) man pages.
In addition to obtaining a remote host's label, you can obtain a remote host's type. To obtain the remote host type, use the tsol_getrhtype() routine. See Obtaining the Remote Host Type.