Google’s Android team has tightened GPU driver access using SELinux.
The security group partnered with Arm to audit Mali GPU ioctls and introduced a new SELinux attribute, gpu_harden, that blocks instrumentation commands for regular apps. After an opt‑in test phase, the policy switched to an opt‑out model: all apps are denied the risky ioctls unless the device is rooted, the app is marked debuggable, or a permanent SELinux exception is granted. The change is rolled out via a macro that lets OEMs list production, instrumentation and debug ioctls per device.
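To make the mechanism concrete, here is an added SELinux policy fragment written for this summary; it is not the AOSP or Arm policy and does not reproduce the real gpu_harden rules. The domain and type names (untrusted_app_all, shell, gpu_device) follow AOSP naming, but the macro name gpu_ioctl_allowlist, the shape of the attribute rules, and every ioctl number are constructed placeholders, and the rooted-device and debuggable-app exceptions mentioned above are not modeled.

```selinux
# Added example, not AOSP or Arm policy. AOSP-style domain/type names;
# the macro name, attribute rules and all ioctl numbers are placeholders.

# Regular app domains carry the attribute; policy then denies them every
# ioctl outside the production list. (Assumed shape, not the real rules.)
attribute gpu_harden;
typeattribute untrusted_app_all gpu_harden;

# Hypothetical OEM-facing m4 macro. $1 = production ioctls, $2 =
# instrumentation ioctls, $3 = debug ioctls. SELinux matches the low 16 bits
# of the ioctl request number, so entries are 0xTTNN (type byte, then
# command number) or ranges of those values.
define(`gpu_ioctl_allowlist', `
# The base ioctl permission is still required; allowxperm only narrows it.
allow gpu_harden gpu_device:chr_file { open read write ioctl map };
# As soon as an allowxperm rule exists for this (source, target, class)
# triple, every ioctl number not listed is denied: the opt-out model.
allowxperm gpu_harden gpu_device:chr_file ioctl { $1 };
# A debug shell (assumed exception) keeps all three lists.
allow shell gpu_device:chr_file { open read write ioctl map };
allowxperm shell gpu_device:chr_file ioctl { $1 $2 $3 };
# Build-time guard: an OEM rule that later re-opens instrumentation or
# debug ioctls for hardened app domains fails the policy build instead of
# silently widening the attack surface.
neverallowxperm gpu_harden gpu_device:chr_file ioctl { $2 $3 };
')

# Constructed per-device instantiation (placeholder numbers, not real Mali
# ioctls): production 0x8001-0x8010, instrumentation 0x8020-0x8027,
# debug 0x8030-0x8033.
gpu_ioctl_allowlist(`0x8001-0x8010', `0x8020-0x8027', `0x8030-0x8033')
```

The design point is that allowxperm is a positive allowlist: without it, the plain ioctl permission admits every request number the driver understands, so the audit step (deciding which Mali ioctls are production, instrumentation or debug) is what makes the policy meaningful. The neverallowxperm line is checked by checkpolicy at build time and produces no runtime denial of its own; the runtime denial comes from the missing allowxperm entry, and it surfaces in logcat as an avc denial on gpu_device with the rejected ioctlcmd value, which is the signal to watch when an app legitimately needs an exception.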
GPU code runs with high privileges, and since 2021 most Android kernel‑driver exploits have targeted the user‑mode to kernel‑mode driver interface. By cutting off the most exploitable ioctls, Google reduces the attack surface faster than patching each bug individually. Developers retain needed debugging tools, while everyday users get a sturdier stack without a visible impact on app behavior.
The move mirrors similar hardening efforts on desktop Linux, but Android’s scale makes it more consequential. Watch for updates to the macro in future AOSP releases and for OEM adoption rates, which will indicate how quickly the broader ecosystem inherits the protections.
