insmod can be run directly from kernel; fix update_modules errors

refpolicy/policy/modules/system/modutils.te

@@ -56,6 +56,8 @@ allow insmod_t self:process { execmem sigchld sigkill sigstop signull signal };
 allow insmod_t self:udp_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown };
 allow insmod_t self:rawip_socket { create ioctl read getattr write setattr append bind connect getopt setopt shutdown };
 
+kernel_transition_from(insmod_t,insmod_exec_t)
+
 kernel_load_module(insmod_t)
 
 # Rules for /proc/sys/kernel/tainted
@@ -232,11 +234,11 @@ terminal_use_controlling_terminal(update_modules_t)
 
 files_read_runtime_system_config(update_modules_t)
 files_read_general_system_config(update_modules_t)
-files_execute_system_config_script(insmod_t)
+files_execute_system_config_script(update_modules_t)
 
-corecommands_execute_general_programs(insmod_t)
+corecommands_execute_general_programs(update_modules_t)
-corecommands_execute_system_programs(insmod_t)
+corecommands_execute_system_programs(update_modules_t)
-corecommands_execute_shell(insmod_t)
+corecommands_execute_shell(update_modules_t)
 
 libraries_use_dynamic_loader(update_modules_t)
 libraries_read_shared_libraries(update_modules_t)