Android Documentation says: "SELinux can be used to label these devices so the process assigned the root privilege can write to only those specified in the associated policy. In this way, the process cannot overwrite data and system settings outside of the specific raw block device." source - http://source.android.com/devices/te...html#use-cases
As a reference I am implementing a Mobile Device Management system and in the process I have to determine how secure Android OS is itself. That is why I need to know how secure corporate data stored on a device is to root-kits, spyware, and other malware.
p.s. This has been posted on the "Unix and Linux" StackExchange site with no one being able to answer yet. I'm hoping XDA's hands on experience with the Kernel will be able to help get this answered, Thank You .