As of Android Nougat, a new set of SELinux rules have been added which are designed to prevent system_server from loading arbitrary code into its address-space. However, as system_server is extremely privileged, there are a few vectors through which it may still load arbitrary code, thus bypassing the mitigation mentioned above.
24c10a0d6f4d42cf96eb11a1f2c3700f98a0275e04324e2cd9fff3a0af399fed