I feel like this could be solved with an NLP interface to SELinux, spinning up policies on the fly, blocking network access or giving read only permissions on a per-conversation basis.