Native daemons run with essential privileges and provide core system services to apps in the Android system. However, we find that exploiting Android native daemons can still lead to another security issue: privilege abuse within the confined privilege. In this paper, we first demonstrate the privilege abuse problem in native daemons through two types of attacks: the data leakage attack and the Denial-of-Service (DoS) attack. To mitigate the privilege abuse issue, we then propose the Daemon-Guard framework, in which a dispatcher forks a new daemon process to handle each service request from apps. The dispatcher can check the ownership of data and determine whether a data access operation is authorized, and can check the speed of service requests from an app through a reference monitor. To restrict a daemon process's access to data in the file system, we deploy Seccomp, a capability system supported by the Linux kernel. Finally, we implement the Daemon-Guard framework on the keystore daemon through static instrumentation. The evaluation of the keystore case shows that Daemon-Guard can successfully prevent these two privilege abuse attacks with an acceptable performance overhead.
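The dispatcher flow described above, sketched as an added example that is not the paper's code: each request passes a per-UID request-speed check and an ownership check before a fresh child process serves it. The `<uid>_<alias>` entry naming, the limits, and all function names are assumptions made for illustration, and the per-process confinement step is left out.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <time.h>
#include <unistd.h>

/* Assumed policy values for this example; the paper's limits are not on this page. */
enum { MAX_CLIENTS = 16, WINDOW_SEC = 1, MAX_REQ_PER_WINDOW = 5 };
enum verdict { ALLOW, DENY_NOT_OWNER, DENY_RATE, HANDLER_FAILED };
struct client { bool used; uid_t uid; time_t window_start; int count; };
static struct client clients[MAX_CLIENTS];

/* Ownership check: assumed "<uid>_<alias>" entry names, path separators rejected. */
static bool owns(uid_t caller, const char *entry) {
    char prefix[16];
    int n = snprintf(prefix, sizeof prefix, "%u_", (unsigned)caller);
    return n > 0 && (size_t)n < sizeof prefix && !strchr(entry, '/') &&
           strncmp(entry, prefix, (size_t)n) == 0;
}

/* Request-speed check: fixed window per caller UID; fails closed if the table is full. */
static bool within_rate(uid_t caller, time_t now) {
    struct client *slot = NULL;
    for (int i = 0; i < MAX_CLIENTS; i++) {
        if (clients[i].used && clients[i].uid == caller) { slot = &clients[i]; break; }
        if (!clients[i].used && !slot) slot = &clients[i];
    }
    if (!slot) return false;
    if (!slot->used || now - slot->window_start >= WINDOW_SEC)
        *slot = (struct client){ true, caller, now, 0 };
    if (slot->count >= MAX_REQ_PER_WINDOW) return false;
    slot->count++;
    return true;
}

int demo_handler(const char *entry) { (void)entry; return 0; } /* constructed stand-in */

/* Dispatcher: every request is counted, checked, then served in its own child process. */
enum verdict dispatch(uid_t caller, const char *entry, time_t now, int (*handler)(const char *)) {
    if (!within_rate(caller, now)) return DENY_RATE;
    if (!owns(caller, entry)) return DENY_NOT_OWNER;
    pid_t pid = fork();
    if (pid < 0) return HANDLER_FAILED;
    if (pid == 0) _exit(handler(entry) == 0 ? 0 : 1); /* confinement step would go here */
    int status = 0;
    if (waitpid(pid, &status, 0) < 0) return HANDLER_FAILED;
    return (WIFEXITED(status) && WEXITSTATUS(status) == 0) ? ALLOW : HANDLER_FAILED;
}
```

Rejected requests still count toward the caller's window, so a flood of unauthorized requests is throttled the same way as a flood of valid ones.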