selinux: pull address family directly from the request_sock struct

We don't need to inspect the packet to determine if the packet is an
IPv4 packet arriving on an IPv6 socket when we can query the
request_sock directly.

Signed-off-by: Paul Moore <pmoore@redhat.com>

diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c
index cc076a9b0344bf7f6779dcea0371b103f07945aa..17d7689660ea8224d6cb6f3c3c514df21ea5abd9 100644 (file)
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -4476,14 +4476,10 @@ static int selinux_inet_conn_request(struct sock *sk, struct sk_buff *skb,
 {
        struct sk_security_struct *sksec = sk->sk_security;
        int err;
-       u16 family = sk->sk_family;
+       u16 family = req->rsk_ops->family;
        u32 connsid;
        u32 peersid;
 
-       /* handle mapped IPv4 packets arriving via IPv6 sockets */
-       if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
-               family = PF_INET;
-
        err = selinux_skb_peerlbl_sid(skb, family, &peersid);
        if (err)
                return err;