Tuesday 9 June 2015

SuperSU BETA: Root Android Lollipop on Stock Kernel (Elite SoftHAX)


Up until now, if you wanted to get root on Android 5.0, you needed to flash a modified kernel onto your device to work around some SELinux restrictions. XDA Senior Recognized Developer Chainfire recently released CF-Auto-Root, which made the necessary kernel ramdisk modifications to remove the SELinux restriction from the install-recovery.sh script on AOSP. This morning, however, Chainfire brought smiles to many faces, as he announced on Twitter that this would no longer be necessary going forward.

Up until today, Chainfire had planned to release an automated ZIP-based patching tool, to automatically patch kernel images from within TWRP recovery, until he came across a suitable method to remove the need for this. This revelation means that Android 5.0 users no longer need to run a modified kernel to gain root access via SuperSU (or other root solutions). While not a huge problem on Nexus devices with unlockable bootloaders, the need for ramdisk modifications was concerning for many users of bootloader-locked devices for which no unlock is available (yes, they do unfortunately exist). The answer to their prayers is now here, and we can present an exclusive explanation of the changes needed. At least for now (until/unless Google patches this), it is possible to gain root access and then install and use SuperSU on a stock Android 5.0 device, without any kernel ramdisk tweaking.

The reason a modified kernel was needed until now is that SuperSU must run a service as root, to allow for unconstrained root access on SELinux-protected devices. Previously, SuperSU would leverage the pre-installed AOSP flash_recovery service (used in AOSP to update recovery after an OTA installation) to start the SuperSU daemon (which actually provides the root privileges for apps which request it). With the release of Lollipop, this service has been added to a restricted SELinux context, meaning it no longer has unadulterated access to the system. The previous kernel modifications sought to remove the SELinux restrictions from this script.

Chainfire's latest beta release of SuperSU resolves this by using the core "Zygote" service (responsible for launching all Java services, and thus all apps installed on a device). Since Zygote is one of the only services available on Android L which is started as root within the unrestricted "init" SELinux context, this makes it a prime target for use in the operation of SuperSU.
After boot, the Zygote service has its SELinux "init" context transitioned to its final (restricted) "Zygote" context. Chainfire has managed to successfully modify the Zygote files, in order to run code as the root user, within the unrestricted "init" context, thus bringing SuperSU back to Android L, without kernel modifications.

This isn't the first time Chainfire has turned to Zygote to solve these problems; the earlier 2.23 beta used Zygote as a means to possibly circumvent some other SELinux issues (which were causing root apps to break on Android L). This allowed some (but not all) of the non-functioning apps to work; the remainder require some updates by their developers. Unfortunately, when the 5.0 AOSP code was consulted, it emerged that Google had already broken this method of taking over the Zygote service. Given all his previous attempts to take over Zygote had failed, this is a promising step forward.

Chainfire was keen to point out that SuperSU has long been able to modify SELinux policies on a running system (and cautions as to the ease with which an OEM could disable this, and truly prevent meaningful and simple root access), and how any modifications made to Zygote must be made carefully, given the service is run from various different contexts, for different tasks, and this raises the possibility of a number of (nasty) subtle failures. This new SuperSU beta 2.27 is a build for enthusiasts and other techies to play with, to find out what breaks. Fingers crossed, there are no unexpected show-stopper bugs, and this is a viable way forward.

Take note: even if this beta works out and Zygote is the preferred avenue to gain root access going forward, the entire process is only a single-line change away from being broken by Google, which would make patched kernel ramdisks the future for root access on Android (thus ruling out root for bootloader-locked devices).
Indeed, as a heads-up, the new process may not even work on a fully up-to-date AOSP build, due to some fairly large SELinux changes within the past few months, which were not included in the retail devices, but which will no doubt be there in future releases. Sooner or later though, it seems likely that modified kernel ramdisks will be necessary for root, but this new beta may offer a short stay-of-execution before we must go in directions
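To see the state described above from the auditing side, the sketch below parses a process listing with SELinux labels and reports root processes that are still in the "init" domain instead of having transitioned to a restricted one. It is an added example, not code from Chainfire or SuperSU; the `ps -Z` column layout, the sample rows and the process name `rootd_example` are constructed assumptions.

```python
"""Flag root processes still running in the SELinux 'init' domain."""

# Constructed sample of `adb shell ps -Z` output; the column layout
# (LABEL USER PID PPID NAME) is an assumption about the device's ps.
SAMPLE_PS_Z = """\
LABEL                          USER      PID   PPID  NAME
u:r:init:s0                    root      1     0     /init
u:r:zygote:s0                  root      187   1     zygote
u:r:init:s0                    root      312   1     rootd_example
u:r:untrusted_app:s0:c512,c768 u0_a52    2345  187   com.example.app
"""


def parse_label(label):
    """Split user:role:type:level; the level may itself contain ':'."""
    parts = label.split(":", 3)
    if len(parts) != 4:
        raise ValueError("not an SELinux label: %r" % label)
    return dict(zip(("user", "role", "type", "level"), parts))


def parse_ps_z(text):
    """Yield one dict per process row; header, blank and malformed rows are skipped."""
    for line in text.splitlines():
        fields = line.split(None, 4)
        if len(fields) != 5 or not fields[2].isdigit():
            continue
        label, user, pid, ppid, name = fields
        try:
            ctx = parse_label(label)
        except ValueError:
            continue
        yield {"domain": ctx["type"], "user": user, "pid": int(pid),
               "ppid": int(ppid), "name": name}


def unexpected_init_domain(text):
    """Return root processes in the 'init' domain other than PID 1."""
    return [p for p in parse_ps_z(text)
            if p["domain"] == "init" and p["user"] == "root" and p["pid"] != 1]


if __name__ == "__main__":
    for proc in unexpected_init_domain(SAMPLE_PS_Z):
        print("review: pid %(pid)d %(name)s runs as root in domain %(domain)s" % proc)
```

A hit is a prompt for review, not a verdict: which services legitimately stay in the init domain depends on the device's SELinux policy.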

Check out the release notes for more information about the risks involved in testing this out, and for links. Developers should also be aware that Chainfire is currently hard at work on the "How-To SU" guide (fully updated for Android 5.0), which should be available within the next few days.

[A huge thanks to Chainfire for his work here, and assistance in preparing this article.]
Source XDA Developers
