From 1f7b37c585b6d6917ff2cabe70d92b95733b4f9c Mon Sep 17 00:00:00 2001
From: Chris PeBenito
Date: Thu, 21 Apr 2005 21:35:45 +0000
Subject: [PATCH] insmod can be run directly from kernel; fix update_modules errors
---
 refpolicy/policy/modules/system/modutils.te | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)
diff --git a/refpolicy/policy/modules/system/modutils.te b/refpolicy/policy/modules/system/modutils.te
index 0a01207e..3e9a6206 100644
--- a/refpolicy/policy/modules/system/modutils.te
+++ b/refpolicy/policy/modules/system/modutils.te
@@ -56,6 +56,8 @@ allow insmod_t self:process { execmem sigchld sigkill sigstop signull signal };
 allow insmod_t self:udp_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown };
 allow insmod_t self:rawip_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown };
+kernel_transition_from(insmod_t,insmod_exec_t)
+
 kernel_load_module(insmod_t)
 # Rules for /proc/sys/kernel/tainted
@@ -232,11 +234,11 @@ terminal_use_controlling_terminal(update_modules_t)
 files_read_runtime_system_config(update_modules_t)
 files_read_general_system_config(update_modules_t)
-files_execute_system_config_script(insmod_t)
+files_execute_system_config_script(update_modules_t)
-corecommands_execute_general_programs(insmod_t)
-corecommands_execute_system_programs(insmod_t)
-corecommands_execute_shell(insmod_t)
+corecommands_execute_general_programs(update_modules_t)
+corecommands_execute_system_programs(update_modules_t)
+corecommands_execute_shell(update_modules_t)
 libraries_use_dynamic_loader(update_modules_t)
 libraries_read_shared_libraries(update_modules_t)
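Review bot: The added `kernel_transition_from(insmod_t,insmod_exec_t)` in the first hunk carries no comment explaining why the kernel needs to enter insmod_t, and it is the one rule here that widens how the domain can be reached. insmod_t is granted `kernel_load_module` just below and `execmem` in the hunk's heading line, so the entry point deserves a line such as `# the kernel executes the module loader itself when it auto-loads a module`. Going by the interface name, the transition appears to be keyed on the insmod_exec_t label, so which binaries carry that label in the file contexts is worth checking alongside this change. The insmod_t rule block starts and ends outside the hunk.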
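Review bot: In the second hunk the four execute rules move from insmod_t to update_modules_t, so insmod_t can no longer run the shell, general and system programs or system config scripts, and nothing visible here shows whether insmod_t depended on that. If the module loader ever runs helper commands from its configuration, that will now surface as AVC denials; a pass in permissive mode with the audit log checked for insmod_t execute denials would confirm the removal is safe. A short comment above the moved lines would also keep the mix-up from recurring, for example `# update_modules runs the shell and helper programs`. The update_modules_t block starts and ends outside the hunk.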