diff --git a/Runner/suites/Kernel/Security/AVCDenials/AVCDenials.yaml b/Runner/suites/Kernel/Security/AVCDenials/AVCDenials.yaml
new file mode 100644
index 00000000..7fe86252
--- /dev/null
+++ b/Runner/suites/Kernel/Security/AVCDenials/AVCDenials.yaml
@@ -0,0 +1,15 @@
+metadata:
+ name: AVCDenials
+ format: "Lava-Test Test Definition 1.0"
+ description: "Collect logs, fetch and parse AVC Denials."
+ os:
+ - linux
+ scope:
+ - functional
+
+run:
+ steps:
+ - REPO_PATH=$PWD
+ - cd Runner/suites/Kernel/Security/AVCDenials
+ - ./run.sh || true
+ - $REPO_PATH/Runner/utils/send-to-lava.sh AVCDenials.res
\ No newline at end of file
diff --git a/Runner/suites/Kernel/Security/AVCDenials/run.sh b/Runner/suites/Kernel/Security/AVCDenials/run.sh
new file mode 100644
index 00000000..0d327753
--- /dev/null
+++ b/Runner/suites/Kernel/Security/AVCDenials/run.sh
@@ -0,0 +1,79 @@
+#!/bin/sh
+
+# Copyright (c) Qualcomm Technologies, Inc. and/or its subsidiaries.
+# SPDX-License-Identifier: BSD-3-Clause# Robustly find and source init_env
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+INIT_ENV=""
+SEARCH="$SCRIPT_DIR"
+while [ "$SEARCH" != "/" ]; do
+ if [ -f "$SEARCH/init_env" ]; then
+ INIT_ENV="$SEARCH/init_env"
+ break
+ fi
+ SEARCH=$(dirname "$SEARCH")
+done
+
+if [ -z "$INIT_ENV" ]; then
+ echo "[ERROR] Could not find init_env (starting at $SCRIPT_DIR)" >&2
+ exit 1
+fi
+
+# Only source if not already loaded (idempotent)
+if [ -z "$__INIT_ENV_LOADED" ]; then
+ # shellcheck disable=SC1090
+ . "$INIT_ENV"
+fi
+# Always source functestlib.sh, using $TOOLS exported by init_env
+# shellcheck disable=SC1090,SC1091
+. "$TOOLS/functestlib.sh"
+
+TESTNAME="AVCDenials"
+test_path=$(find_test_case_by_name "$TESTNAME")
+cd "$test_path" || exit 1
+# shellcheck disable=SC2034
+
+RES_FILE="./$TESTNAME.res"
+rm -f "$RES_FILE"
+
+AVC_Denials="./avc_denials.txt"
+rm -f "$AVC_Denials"
+
+if [ -f /var/log/audit/audit.log ]; then
+ log_info "Using audit.log"
+elif CHECK_DEPS_NO_EXIT=1 check_dependencies dmesg; then
+ log_info "Using dmesg as audit source"
+else
+ log_skip "$TESTNAME SKIP: No audit source available"
+ echo "$TESTNAME SKIP" > "$RES_FILE"
+ exit 0
+fi
+
+log_info "-----------------------------------------------------------------------------------------"
+log_info "-------------------Starting $TESTNAME Testcase----------------------------"
+log_info "=== Test Initialization ==="
+
+# Fetch from audit.log
+if [ -f /var/log/audit/audit.log ]; then
+ den=$(cat /var/log/audit/audit.log | grep avc)
+ log_info "Denials in audit.log: "
+ log.info "$den"
+ echo "$den" > "$AVC_Denials"
+fi
+
+# Fetch from dmesg
+if CHECK_DEPS_NO_EXIT=1 check_dependencies dmesg; then
+ den=$(dmesg | grep avc)
+ log_info "Denials in audit.log: "
+ log.info "$den"
+ echo "$den" >> "$AVC_Denials"
+fi
+
+# Making test pass in all conditions
+log_info "Denials 
saved to log file at $AVC_Denials"
+log_pass "$TESTNAME : PASS"
+echo "$TESTNAME PASS" > "$RES_FILE"
+
+
+
+
+
diff --git a/Runner/suites/Kernel/Security/CheckGetenforce/CheckGetenforce.yaml b/Runner/suites/Kernel/Security/CheckGetenforce/CheckGetenforce.yaml
new file mode 100644
index 00000000..0ed10474
--- /dev/null
+++ b/Runner/suites/Kernel/Security/CheckGetenforce/CheckGetenforce.yaml
@@ -0,0 +1,16 @@
+metadata:
+ name: CheckGetenforce
+ format: "Lava-Test Test Definition 1.0"
+ description: "Check getenforce command output: Check if selinux is in enforcing / permissive / disabled"
+ os:
+ - linux
+ scope:
+ - functional
+
+run:
+ steps:
+ - REPO_PATH=$PWD
+ - cd Runner/suites/Kernel/Security/CheckGetenforce
+ - ./run.sh || true
+ - $REPO_PATH/Runner/utils/send-to-lava.sh CheckGetenforce.res
+
diff --git a/Runner/suites/Kernel/Security/CheckGetenforce/run.sh b/Runner/suites/Kernel/Security/CheckGetenforce/run.sh
new file mode 100644
index 00000000..52261e09
--- /dev/null
+++ b/Runner/suites/Kernel/Security/CheckGetenforce/run.sh
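Review bot: `log.info "$den"` in both fetch blocks is a typo for `log_info` — the dotted name is almost certainly not a function provided by functestlib.sh, so every run prints a "not found" error and the collected records are never logged; change both to `log_info "$den"`. The dmesg block also labels its output `Denials in audit.log:` although it reads dmesg, and `[ -f /var/log/audit/audit.log ]` only proves the file exists, so an unprivileged run has `cat` fail with permission denied and writes an empty list as if there were no denials — `[ -r /var/log/audit/audit.log ]` is the check that matches what the fetch actually needs. `grep avc` additionally keeps `avc:  granted` records, not only denials; `grep 'avc: *denied'` restricts the file to what the test name promises. The header comment is glued onto the license line as `BSD-3-Clause# Robustly find and source init_env`, which defeats SPDX-identifier scanning; the same glued line appears in the CheckGetenforce, CheckSestatus, SystemctlFailedPerVsEnf and ToggleSetenforce run.sh hunks.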
@@ -0,0 +1,68 @@
+#!/bin/sh
+
+# Copyright (c) Qualcomm Technologies, Inc. and/or its subsidiaries.
+# SPDX-License-Identifier: BSD-3-Clause# Robustly find and source init_env
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+INIT_ENV=""
+SEARCH="$SCRIPT_DIR"
+while [ "$SEARCH" != "/" ]; do
+ if [ -f "$SEARCH/init_env" ]; then
+ INIT_ENV="$SEARCH/init_env"
+ break
+ fi
+ SEARCH=$(dirname "$SEARCH")
+done
+
+if [ -z "$INIT_ENV" ]; then
+ echo "[ERROR] Could not find init_env (starting at $SCRIPT_DIR)" >&2
+ exit 1
+fi
+
+# Only source if not already loaded (idempotent)
+if [ -z "$__INIT_ENV_LOADED" ]; then
+ # shellcheck disable=SC1090
+ . "$INIT_ENV"
+fi
+# Always source functestlib.sh, using $TOOLS exported by init_env
+# shellcheck disable=SC1090,SC1091
+. "$TOOLS/functestlib.sh"
+
+TESTNAME="CheckGetenforce"
+test_path=$(find_test_case_by_name "$TESTNAME")
+cd "$test_path" || exit 1
+# shellcheck disable=SC2034
+
+RES_FILE="./$TESTNAME.res"
+rm -f "$RES_FILE"
+
+if ! CHECK_DEPS_NO_EXIT=1 check_dependencies getenforce; then
+ log_skip "$TESTNAME SKIP: missing dependencies"
+ echo "$TESTNAME SKIP" > "$RES_FILE"
+ exit 0
+fi
+
+log_info "-----------------------------------------------------------------------------------------"
+log_info "-------------------Starting $TESTNAME Testcase----------------------------"
+log_info "=== Test Initialization ==="
+
+op=$(getenforce)
+log_info "Getenforce output: $op"
+
+if [ "$op" = "Enforcing" ] || [ "$op" = "Permissive" ]; then
+ log_info "SELinux is $op. Testcase PASS."
+ log_pass "$TESTNAME : PASS"
+ echo "$TESTNAME PASS" > "$RES_FILE"
+ exit 0
+elif [ "$op" = "Disabled" ]; then
+ log_info "SELinux is Disabled. Testcase FAIL."
+ log_fail "$TESTNAME : FAIL"
+ pass=false
+ echo "$TESTNAME FAIL" > "$RES_FILE"
+ exit 1
+else
+ log_fail "Unknown SELinux state: $op. Testcase FAIL."
+ log_fail "$TESTNAME : FAIL"
+ pass=false
+ echo "$TESTNAME FAIL" > "$RES_FILE"
+ exit 1
+fi
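Review bot: `pass=false` in the Disabled and unknown-state branches is assigned and never read, and the `# shellcheck disable=SC2034` directive near the top is followed by a blank line, so it applies to nothing; drop both `pass=false` lines and the dangling directive. The `[ "$op" = ... ]` chain reads more directly as `case "$op" in Enforcing|Permissive) ... ;; Disabled) ... ;; *) ... ;; esac`, which also gives one place to accept the lower-case spellings the ToggleSetenforce script already tolerates. If `getenforce` itself fails (no selinuxfs mounted, or the command errors), `$op` is empty and the log reads `Unknown SELinux state: .`, so logging the command's exit status in the `else` branch would make that case diagnosable.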
diff --git a/Runner/suites/Kernel/Security/CheckSestatus/CheckSestatus.yaml b/Runner/suites/Kernel/Security/CheckSestatus/CheckSestatus.yaml
new file mode 100644
index 00000000..e9891a20
--- /dev/null
+++ b/Runner/suites/Kernel/Security/CheckSestatus/CheckSestatus.yaml
@@ -0,0 +1,16 @@
+metadata:
+ name: CheckSestatus
+ format: "Lava-Test Test Definition 1.0"
+ description: "Check sestatus command output: Check if selinux is in enforcing / permissive / disabled"
+ os:
+ - linux
+ scope:
+ - functional
+
+run:
+ steps:
+ - REPO_PATH=$PWD
+ - cd Runner/suites/Kernel/Security/CheckSestatus
+ - ./run.sh || true
+ - $REPO_PATH/Runner/utils/send-to-lava.sh CheckSestatus.res
+
diff --git a/Runner/suites/Kernel/Security/CheckSestatus/run.sh b/Runner/suites/Kernel/Security/CheckSestatus/run.sh
new file mode 100644
index 00000000..52fd9c62
--- /dev/null
+++ b/Runner/suites/Kernel/Security/CheckSestatus/run.sh
@@ -0,0 +1,63 @@
+#!/bin/sh
+
+# Copyright (c) Qualcomm Technologies, Inc. and/or its subsidiaries.
+# SPDX-License-Identifier: BSD-3-Clause# Robustly find and source init_env
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+INIT_ENV=""
+SEARCH="$SCRIPT_DIR"
+while [ "$SEARCH" != "/" ]; do
+ if [ -f "$SEARCH/init_env" ]; then
+ INIT_ENV="$SEARCH/init_env"
+ break
+ fi
+ SEARCH=$(dirname "$SEARCH")
+done
+
+if [ -z "$INIT_ENV" ]; then
+ echo "[ERROR] Could not find init_env (starting at $SCRIPT_DIR)" >&2
+ exit 1
+fi
+
+# Only source if not already loaded (idempotent)
+if [ -z "$__INIT_ENV_LOADED" ]; then
+ # shellcheck disable=SC1090
+ . "$INIT_ENV"
+fi
+# Always source functestlib.sh, using $TOOLS exported by init_env
+# shellcheck disable=SC1090,SC1091
+. "$TOOLS/functestlib.sh"
+
+TESTNAME="CheckSestatus"
+test_path=$(find_test_case_by_name "$TESTNAME")
+cd "$test_path" || exit 1
+# shellcheck disable=SC2034
+
+RES_FILE="./$TESTNAME.res"
+rm -f "$RES_FILE"
+
+
+if ! CHECK_DEPS_NO_EXIT=1 check_dependencies getenforce sestatus; then
+ log_skip "$TESTNAME SKIP: missing dependencies"
+ echo "$TESTNAME SKIP" > "$RES_FILE"
+ exit 0
+fi
+
+log_info "-----------------------------------------------------------------------------------------"
+log_info "-------------------Starting $TESTNAME Testcase----------------------------"
+log_info "=== Test Initialization ==="
+
+op=$(sestatus)
+log_info "sestatus output: $op"
+
+
+if echo "$op" | grep -qiE "Current mode:\s*(enforcing|permissive)"; then
+ mode=$(echo "$op" | awk -F: '/Current mode/ {gsub(/^[ \t]+/, "", $2); print $2}')
+ log_info "SELinux is $mode. Testcase PASS."
+ log_pass "$TESTNAME : PASS"
+ echo "$TESTNAME PASS" > "$RES_FILE"
+else
+ log_info "SELinux is not in enforcing or permissive mode. Testcase FAIL."
+ log_fail "$TESTNAME : FAIL"
+ echo "$TESTNAME FAIL" > "$RES_FILE"
+fi
+
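Review bot: The pattern `"Current mode:\s*(enforcing|permissive)"` depends on `\s`, which is not part of POSIX ERE and so on the grep build of the target; `"Current mode:[[:space:]]*(enforcing|permissive)"` matches on any grep and says the same thing. `getenforce` is required by `check_dependencies` but never called, so a board that has `sestatus` but not `getenforce` skips a test it could run. Unlike CheckGetenforce, the FAIL branch here does not `exit 1`; the wrapper's `|| true` makes that harmless, but the two scripts should agree on whether FAIL is also a non-zero exit.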
diff --git a/Runner/suites/Kernel/Security/SystemctlFailedPerVsEnf/SystemctlFailedPerVsEnf.yaml b/Runner/suites/Kernel/Security/SystemctlFailedPerVsEnf/SystemctlFailedPerVsEnf.yaml
new file mode 100644
index 00000000..92b7676e
--- /dev/null
+++ b/Runner/suites/Kernel/Security/SystemctlFailedPerVsEnf/SystemctlFailedPerVsEnf.yaml
@@ -0,0 +1,15 @@
+metadata:
+ name: SystemctlFailedPerVsEnf
+ format: "Lava-Test Test Definition 1.0"
+ description: "Compare the failed services in Permissive and enforcing mode."
+ os:
+ - linux
+ scope:
+ - functional
+
+run:
+ steps:
+ - REPO_PATH=$PWD
+ - cd Runner/suites/Kernel/Security/SystemctlFailedPerVsEnf
+ - ./run.sh || true
+ - $REPO_PATH/Runner/utils/send-to-lava.sh SystemctlFailedPerVsEnf.res
\ No newline at end of file
diff --git a/Runner/suites/Kernel/Security/SystemctlFailedPerVsEnf/run.sh b/Runner/suites/Kernel/Security/SystemctlFailedPerVsEnf/run.sh
new file mode 100644
index 00000000..0cb5d216
--- /dev/null
+++ b/Runner/suites/Kernel/Security/SystemctlFailedPerVsEnf/run.sh
@@ -0,0 +1,114 @@
+#!/bin/sh
+
+# Copyright (c) Qualcomm Technologies, Inc. and/or its subsidiaries.
+# SPDX-License-Identifier: BSD-3-Clause# Robustly find and source init_env
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+INIT_ENV=""
+SEARCH="$SCRIPT_DIR"
+while [ "$SEARCH" != "/" ]; do
+ if [ -f "$SEARCH/init_env" ]; then
+ INIT_ENV="$SEARCH/init_env"
+ break
+ fi
+ SEARCH=$(dirname "$SEARCH")
+done
+
+if [ -z "$INIT_ENV" ]; then
+ echo "[ERROR] Could not find init_env (starting at $SCRIPT_DIR)" >&2
+ exit 1
+fi
+
+# Only source if not already loaded (idempotent)
+if [ -z "$__INIT_ENV_LOADED" ]; then
+ # shellcheck disable=SC1090
+ . "$INIT_ENV"
+fi
+# Always source functestlib.sh, using $TOOLS exported by init_env
+# shellcheck disable=SC1090,SC1091
+. "$TOOLS/functestlib.sh"
+
+TESTNAME="SystemctlFailedPerVsEnf"
+test_path=$(find_test_case_by_name "$TESTNAME")
+cd "$test_path" || exit 1
+# shellcheck disable=SC2034
+
+RES_FILE="./$TESTNAME.res"
+rm -f "$RES_FILE"
+
+FS_Permissive="./failedServices_permissive.txt"
+rm -f "$FS_Permissive"
+echo 0 > "$FS_Permissive"
+
+FS_Enforcing="./failedServices_permissive.txt"
+rm -f "$FS_Enforcing"
+echo 0 > "$FS_Enforcing"
+
+if ! 
CHECK_DEPS_NO_EXIT=1 check_dependencies getenforce setenforce systemctl; then
+ log_skip "$TESTNAME SKIP: missing dependencies"
+ echo "$TESTNAME SKIP" > "$RES_FILE"
+ exit 0
+fi
+
+log_info "-----------------------------------------------------------------------------------------"
+log_info "-------------------Starting $TESTNAME Testcase----------------------------"
+log_info "=== Test Initialization ==="
+
+default_mode=$(getenforce)
+log_info "Default Selinux Mode is $default_mode"
+
+# Get results for permissive mode
+setenforce 0
+failedServices=$(systemctl list-units --state failed)
+echo "$failedServices" | awk '/^\*/ {print $2}' > "$FS_Permissive"
+
+# Get failed service count
+count=$(echo '$failedServices' | grep 'loaded units listed')
+echo "Systemctl list-units failed in Permissive mode: "
+echo "$count"
+
+# Get results for enforcing mode
+setenforce 1
+failedServices=$(systemctl list-units --state failed)
+echo "$failedServices" | awk '/^\*/ {print $2}' > "$FS_Enforcing"
+
+# Get failed service count
+count=$(echo '$failedServices' | grep 'loaded units listed')
+echo "Systemctl list-units failed in Enforcing mode: "
+echo "$count"
+
+# Compare both lists
+
+log_info "Failed for Enforcing but loaded in Permissive:"
+diff1=$(grep -Fxv -f "$FS_Permissive" "$FS_Enforcing")
+log_info $diff1
+
+log_info "Failed for Permissive but loaded in Enforcing:"
+diff2=$(grep -Fxv -f "$FS_Enforcing" "$FS_Permissive")
+log_info $diff2
+
+
+if [ -z "$diff1" ] && [ -z "$diff2" ]; then
+ log_pass "$TESTNAME : PASS"
+ echo "$TESTNAME PASS" > "$RES_FILE"
+else
+ log_fail "$TESTNAME : FAIL"
+ echo "$TESTNAME FAIL" > "$RES_FILE"
+fi
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/Runner/suites/Kernel/Security/ToggleSetenforce/ToggleSetenforce.yaml b/Runner/suites/Kernel/Security/ToggleSetenforce/ToggleSetenforce.yaml
new file mode 100644
index 00000000..00c617d6
--- /dev/null
+++ b/Runner/suites/Kernel/Security/ToggleSetenforce/ToggleSetenforce.yaml
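Review bot: `FS_Enforcing="./failedServices_permissive.txt"` names the same file as `FS_Permissive`, so the enforcing run overwrites the permissive list and both `grep -Fxv -f` comparisons run a file against itself — `diff1` and `diff2` are always empty and the test can only PASS; it should be `FS_Enforcing="./failedServices_enforcing.txt"`. The two `count=$(echo '$failedServices' | grep 'loaded units listed')` lines single-quote the variable, so grep searches the literal text `$failedServices` and the logged counts are always empty. The script ends after `setenforce 1` without consulting `$default_mode`, so a board that boots permissive is left enforcing once the test exits; restoring the recorded mode the way ToggleSetenforce's last block does keeps the device in its configured state, and `log_info $diff1` / `log_info $diff2` should be quoted so multi-line lists are not word-split. The `awk '/^\*/ {print $2}'` selector assumes systemctl marks failed units with `*`, which I believe depends on the locale (`●` under UTF-8) — verify on the target, or use `systemctl list-units --state failed --plain --no-legend` and print `$1`.
```sh
FS_Enforcing="./failedServices_enforcing.txt"
# … unchanged: dependency check, banner, default_mode capture, permissive collection …
count=$(echo "$failedServices" | grep 'loaded units listed')
# … unchanged: enforcing collection, with the same quoting fix on its count line …
# … unchanged: comparison and PASS/FAIL result …
# Put the board back into the enforcement mode it booted with.
if echo "$default_mode" | grep -iq "^permissive$"; then
  setenforce 0
else
  setenforce 1
fi
```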
@@ -0,0 +1,15 @@
+metadata:
+ name: ToggleSetenforce
+ format: "Lava-Test Test Definition 1.0"
+ description: "Toggle Setenforce to check if altered mode is reflected"
+ os:
+ - linux
+ scope:
+ - functional
+
+run:
+ steps:
+ - REPO_PATH=$PWD
+ - cd Runner/suites/Kernel/Security/ToggleSetenforce
+ - ./run.sh || true
+ - $REPO_PATH/Runner/utils/send-to-lava.sh ToggleSetenforce.res
\ No newline at end of file
diff --git a/Runner/suites/Kernel/Security/ToggleSetenforce/run.sh b/Runner/suites/Kernel/Security/ToggleSetenforce/run.sh
new file mode 100644
index 00000000..e29d84ce
--- /dev/null
+++ b/Runner/suites/Kernel/Security/ToggleSetenforce/run.sh
@@ -0,0 +1,92 @@
+#!/bin/sh
+
+# Copyright (c) Qualcomm Technologies, Inc. and/or its subsidiaries.
+# SPDX-License-Identifier: BSD-3-Clause# Robustly find and source init_env
+SCRIPT_DIR="$(cd "$(dirname "$0")" && pwd)"
+INIT_ENV=""
+SEARCH="$SCRIPT_DIR"
+while [ "$SEARCH" != "/" ]; do
+ if [ -f "$SEARCH/init_env" ]; then
+ INIT_ENV="$SEARCH/init_env"
+ break
+ fi
+ SEARCH=$(dirname "$SEARCH")
+done
+
+if [ -z "$INIT_ENV" ]; then
+ echo "[ERROR] Could not find init_env (starting at $SCRIPT_DIR)" >&2
+ exit 1
+fi
+
+# Only source if not already loaded (idempotent)
+if [ -z "$__INIT_ENV_LOADED" ]; then
+ # shellcheck disable=SC1090
+ . "$INIT_ENV"
+fi
+# Always source functestlib.sh, using $TOOLS exported by init_env
+# shellcheck disable=SC1090,SC1091
+. "$TOOLS/functestlib.sh"
+
+TESTNAME="ToggleSetenforce"
+test_path=$(find_test_case_by_name "$TESTNAME")
+cd "$test_path" || exit 1
+# shellcheck disable=SC2034
+
+RES_FILE="./$TESTNAME.res"
+rm -f "$RES_FILE"
+
+if ! CHECK_DEPS_NO_EXIT=1 check_dependencies getenforce setenforce; then
+ log_skip "$TESTNAME SKIP: missing dependencies"
+ echo "$TESTNAME SKIP" > "$RES_FILE"
+ exit 0
+fi
+
+log_info "-----------------------------------------------------------------------------------------"
+log_info "-------------------Starting $TESTNAME Testcase----------------------------"
+log_info "=== Test Initialization ==="
+
+default_mode=$(getenforce)
+log_info "Default selinux mode: $default_mode"
+
+# Set SELinux to permissive
+setenforce 0
+mode1=$(getenforce)
+
+if [ "$mode1" != "permissive" ] && [ "$mode1" != "Permissive" ]; then
+ log_info "setenforce 0 failed. Expected Permissive, got $mode1"
+ log_fail "$TESTNAME : FAIL"
+ echo "$TESTNAME FAIL" > "$RES_FILE"
+ exit 1
+fi
+log_info "setenforce 0 successful: $mode1"
+
+# Set SELinux back to enforcing
+setenforce 1
+mode2=$(getenforce)
+
+if [ "$mode2" != "enforcing" ] && [ "$mode2" != "Enforcing" ]; then
+ log_info "setenforce 1 failed. 
Expected Enforcing, got $mode2"
+ log_fail "$TESTNAME : FAIL"
+ echo "$TESTNAME FAIL" > "$RES_FILE"
+ exit 1
+fi
+log_info "setenforce 1 successful: $mode2"
+
+log_pass "$TESTNAME : PASS"
+echo "$TESTNAME PASS" > "$RES_FILE"
+
+# Set back to default
+if echo "$default_mode" | grep -iq "^permissive$"; then
+ setenforce 0
+else
+ setenforce 1
+fi
+
+
+
+
+
+
+
+
+
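Review bot: Both FAIL branches `exit 1` before the `# Set back to default` block is reached, so when the `setenforce 1` check fails the board is left in whatever mode the earlier `setenforce 0` produced; the restore logic belongs in a function that every exit path calls, not only the PASS path. The return codes of `setenforce 0` and `setenforce 1` are ignored, so a Disabled SELinux or an unprivileged run is only discovered indirectly through the later `getenforce` comparison — `setenforce 0 || log_info "setenforce 0 returned $?"` would let the log explain the failure directly. The paired `!= "permissive"` / `!= "Permissive"` tests could each be a single `case` pattern (`[Pp]ermissive`), matching what the closing `grep -iq "^permissive$"` already accepts.
```sh
# Put the board back into the mode recorded in default_mode; call before every exit.
restore_default_mode() {
  if echo "$default_mode" | grep -iq "^permissive$"; then
    setenforce 0
  else
    setenforce 1
  fi
}
# … unchanged: dependency check, banner, default_mode capture, setenforce 0 …
if [ "$mode1" != "permissive" ] && [ "$mode1" != "Permissive" ]; then
  log_info "setenforce 0 failed. Expected Permissive, got $mode1"
  log_fail "$TESTNAME : FAIL"
  echo "$TESTNAME FAIL" > "$RES_FILE"
  restore_default_mode
  exit 1
fi
# … unchanged: setenforce 1 and its check, with restore_default_mode before its exit 1 …
# … unchanged: PASS logging; the trailing restore block becomes a call to restore_default_mode …
```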