I missed this one at the time, but a member of the Red Hat security response team just pointed me at this RHEL advisory from October, where a vulnerability in HPLIP was mitigated by standard targeted policy.
That is, SELinux provided zero-day protection against local users exploiting this vulnerability to run arbitrary code as root.
Previously: