selinux: pull address family directly from the request_sock struct

We don't need to inspect the packet to determine if the packet is an IPv4 packet arriving on an IPv6 socket when we can query the request_sock directly. Signed-off-by: Paul Moore <pmoore@redhat.com>

selinux: pull address family directly from the request_sock struct
We don't need to inspect the packet to determine if the packet is an IPv4 packet arriving on an IPv6 socket when we can query the request_sock directly. Signed-off-by: Paul Moore <pmoore@redhat.com>
0b1f24e6 · Paul Moore · 050d032b · 0b1f24e6
Commit 0b1f24e6 authored Dec 03, 2013 by Paul Moore
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 5 deletions

security/selinux/hooks.c security/selinux/hooks.c +1 -5

No files found.
--- a/security/selinux/hooks.c
+++ b/security/selinux/hooks.c
@@ -4476,14 +4476,10 @@ static int selinux_inet_conn_request(struct sock *sk, struct sk_buff *skb,
 {
 	struct sk_security_struct *sksec = sk->sk_security;
 	int err;
-	u16 family = sk->sk_family;
+	u16 family = req->rsk_ops->family;
 	u32 connsid;
 	u32 peersid;
-	/* handle mapped IPv4 packets arriving via IPv6 sockets */
-	if (family == PF_INET6 && skb->protocol == htons(ETH_P_IP))
-		family = PF_INET;
 	err = selinux_skb_peerlbl_sid(skb, family, &peersid);
 	if (err)
 		return err;