If you think the module should do anything related to security paranoia (most modules don't need this, and there isn't any indication this is the OPs intend), the safe thing is for the module to accept a file handle, instead of a file name.

That allows the caller of the module to open a file, and actually drop privileges before calling the module. For instance, a daemon could start as a root user, open the necessary files, drop privileges to a normal user, and then call a third party module, passing it file handles (which where opened as the root user). Said module can no longer open files that require root privileges. Your suggestion however, requires the code in the module to run using root privileges.

Picture this: A program manages to escalate it's privileges, then opens a system file for write access. It then passes your module the file handle.

Then what? What damage is the module going to do the program cannot do already? Besides, if the program manage to escalate the privileges before opening the file, the privileges will certainly still be up by the time the module is asked to open the file.

If you (instead) receive the file name, you have a better chance of making sure that any action your module takes is benign.

How?