Google is Making Android O More Secure with Seccomp
The kernel in our smartphones and tablets has a lot of responsibilities when it comes to how our devices function on a day-to-day basis, and it does a lot to help keep our devices secure as well. Because the kernel has such widespread access, we’re seeing an increase in exploits specifically targeting it. While Google has done its best to isolate and deprivilege processes, Android O will use a Linux feature called seccomp to increase this protection.
The Android software on our smartphones, tablets and smartwatches communicates with the kernel through what are referred to as system calls. A number of these system calls allow userspace processes (such as our applications) to interact directly with the kernel. This can be anything from simply opening a file in a file manager to sending a Binder message in the background. Since these system calls are used so much, they’ve become a common way for attackers to target the kernel for an exploit.
Google hopes to alleviate some of this with the introduction of seccomp in the upcoming update to Android O. Seccomp is a Linux feature that allows the OS to make a number of system calls completely inaccessible to application software. This increases security because, instead of relying on isolating and deprivileging processes, the OS makes a lot of these system calls inaccessible altogether. Harmful applications will therefore be unable to take advantage of security holes in those system calls, resulting in more secure handsets.
The upcoming Android O update will include a single seccomp filter installed into zygote (the process from which all Android applications are derived). This lets the new seccomp implementation avoid a negative impact on existing applications while still adding some additional protection to our devices. Specifically, this filter will block certain syscalls (swapon/swapoff, for example) that have been used in a number of security attacks. In total, the filter blocks 17 of 271 syscalls in arm64 and 70 of 364 in arm.
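To show how one filter in a parent process ends up covering every app, here is an added example (written for this article, not Google's code or Android's actual filter) of a seccomp blocklist for swapon/swapoff that a zygote-like process installs before forking. The function names, the constructed path, the ENOSYS return action and the x86-64/arm64 Linux build target are assumptions of the example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#if defined(__x86_64__)
#define NATIVE_ARCH AUDIT_ARCH_X86_64
#elif defined(__aarch64__)
#define NATIVE_ARCH AUDIT_ARCH_AARCH64
#endif

/* Blocklist: swapon/swapoff (and any foreign-ABI call) fail with ENOSYS; the rest run. */
static struct sock_filter blocklist[] = {
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, NATIVE_ARCH, 0, 3),  /* other ABI: deny */
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_swapon, 1, 0),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_swapoff, 0, 1),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | ENOSYS),   /* example's choice of action */
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
};

/* Install on the calling thread; no_new_privs lets an unprivileged process do this. */
int install_blocklist(void) {
    struct sock_fprog prog = { .len = sizeof(blocklist) / sizeof(blocklist[0]), .filter = blocklist };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Zygote-like parent installs the filter; returns its forked app's swapoff() errno, or -1. */
int errno_seen_by_forked_app(void) {
    int st = 0;
    pid_t zygote = fork();
    if (zygote == 0) {
        if (install_blocklist() != 0) _exit(255);
        pid_t app = fork();  /* seccomp filters are inherited across fork() */
        if (app == 0) _exit(syscall(SYS_swapoff, "/constructed/path") == -1 ? errno : 0);
        _exit(app > 0 && waitpid(app, &st, 0) == app && WIFEXITED(st) ? WEXITSTATUS(st) : 255);
    }
    if (zygote < 0 || waitpid(zygote, &st, 0) != zygote || !WIFEXITED(st)) return -1;
    return WEXITSTATUS(st) == 255 ? -1 : WEXITSTATUS(st);
}

int main(void) { return errno_seen_by_forked_app() == ENOSYS ? 0 : 1; }
```

Without the filter, an unprivileged caller gets EPERM from swapoff, so seeing ENOSYS in the forked child confirms the inherited filter answered before the kernel's own handler ran.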
Source: Android Developers Blog