2.3 Security Kernel

MIUI supports Android's native SELinux feature and enforces mandatory access control for the operations of all resources in the system, such as processes, files, directories, and the like. Any process that intends to perform operations in the SELinux system must first be granted permission in the security policy configuration file. The access control policy file will be protected during the boot process of the device and cannot be tampered with by third parties. With SELinux, MIUI can prevent system processes from reading and writing protected data, bypassing the security mechanisms of the kernel, or attacking other processes.

MIUI supports KASLR (Kernel Address Space Layout Randomization) and allocates the kernel address space layout randomly whenever the system is booted. KASLR results in an unpredictable kernel address space layout and increases the difficulty in performing code-reuse attacks. It reduces the possibility of several complex attacks and further strengthens the security of the system kernel.