security-selinux-expert
CommunityResolve SELinux denials with precise guidance.
Authorjonaschen
Version1.0.0
Installs0
System Documentation
What problem does it solve?
SELinux denial logs, neverallow violations, and mislabeled paths can halt Android builds and block new services, and this skill keeps you inside the verified sepolicy trees and guardrails so you can resolve each denial without regressing Android 15 security posture.
Core Features & Use Cases
- Precision Path Scope: The L1 router and frontmatter-defined scope keep edits within system/sepolicy public/private, vendor, device, and property/service contexts so you never stray into unintended directories.
- Resolution Workflow: Capture
avc: deniedlogs, draft minimal allow rules with the audit2allow_safe guidance, check for existing types, validate against neverallow rules, label new files, and rerun sepolicy or CTS tests before declaring success. - Guardrails & Use Case: Mandatory forbidden actions, handoff rules for new daemons or HAL services, and the
references/selinux_policy_guide.mdensure that onboarding vendor daemons or resolving binder/property denials stays Treble-compliant and coordinated with other subsystem experts.
Quick Start
Request the security-selinux-expert to analyze your latest avc: denied log, propose minimal allow rules with proper file_context labels, and confirm neverallow compliance before rerunning the SELinux tests.
Dependency Matrix
Required Modules
audit2allowbashgrep
Components
scriptsreferences
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill: Name: security-selinux-expert Download link: https://github.com/jonaschen/Android-Software/archive/main.zip#security-selinux-expert Please download this .zip file, extract it, and install it in the .claude/skills/ directory.
Agent Skills Search Helper
Install a tiny helper to your Agent, search and equip skill from 471,000+ vetted skills library on demand.