Seccomp to Make Android O More Secure by Blocking System Calls



The kernel in our smartphones and tablets has a lot of responsibilities when it comes to how our devices function on a day-to-day basis, and it does a lot to help keep our devices secure as well. Because of this widespread access, we're seeing an increase in exploits specifically targeting the kernel. While Google has done its best to isolate and deprivilege processes, Android O will be using a feature called seccomp to increase this protection.

The Android software on our smartphones, tablets and smartwatches communicates with the kernel through what are referred to as system calls (syscalls). There are a number of these in place which allow userspace processes (such as our applications) to directly interact with the kernel. This can be anything from simply opening a file in a file manager to sending a Binder message in the background. Since these are used so much, they've become a common way for attackers to target the kernel for an exploit.

Google hopes to alleviate some of this with the introduction of seccomp in the upcoming update to Android O. Seccomp is a feature that allows the OS to make a number of syscalls completely inaccessible to application software. This increases security because, instead of relying only on isolating and deprivileging processes, a lot of these syscalls won't even be accessible. Therefore, harmful applications will be unable to take advantage of these security holes, resulting in more secure handsets.

The upcoming update will include a single seccomp filter installed into zygote (the process from which all Android applications are derived). This lets the new implementation of seccomp avoid a negative impact on existing applications while still adding some protection to our devices. Specifically, this filter will block certain syscalls (swapon/swapoff, for example) that have been used in a number of security attacks. In total, the filter blocks 17 of 271 syscalls in arm64 and 70 of 364 in arm.
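To make the mechanism concrete, here is an added example (not Android's actual filter and not code from the source article) of a Linux seccomp-BPF filter that denies swapon/swapoff and allows everything else. The function names, the probe path and the choice to fail with a distinctive errno instead of killing the process are assumptions made for illustration.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* Assumption: a distinctive errno, so the filter's verdict is told apart from a normal EPERM. */
#define DENY_ERRNO ECANCELED

/* Deny-list filter: swapon/swapoff fail, every other syscall is allowed. A production
 * filter also checks seccomp_data.arch first, because syscall numbers differ per ABI. */
static int install_filter(void) {
    struct sock_filter prog[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_swapon, 1, 0),   /* match: jump to deny */
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, SYS_swapoff, 0, 1),  /* no match: jump to allow */
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | DENY_ERRNO),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog fprog = { .len = sizeof(prog) / sizeof(prog[0]), .filter = prog };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;  /* needed when unprivileged */
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &fprog);
}

/* Filters cannot be removed, so probe in a forked child; returns the errno swapon() got, or -1. */
int errno_of_filtered_swapon(void) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (install_filter() != 0) _exit(255);
        if (getpid() <= 0) _exit(254);               /* unlisted syscalls still work */
        long rc = syscall(SYS_swapon, "/constructed-nonexistent-path", 0);
        _exit(rc == -1 ? errno : 253);               /* the call must fail under the filter */
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void) {
    int e = errno_of_filtered_swapon();
    printf("swapon under filter: errno=%d (expected %d)\n", e, DENY_ERRNO);
    return e == DENY_ERRNO ? 0 : 1;
}
```

Because a seccomp filter is inherited across fork and cannot be removed, a filter installed once in a parent process such as zygote applies to every process derived from it.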

Source: Android Developers