Nexus 5 SuperSU Lollipop

Chainfire Cracks Another Hole for Root In Android Lollipop

November 20, 2014 - Written By Phil Bourget

Root.  Lollipop.  Two things that have caused issues for each other since Google released the developer preview images of the then-named ‘Android L’ operating system update that was coming, and arrived in the form of Android 5.0 Lollipop in mid-October.  The issues arose from something called SELinux, which will be explained a bit more later to make things clear, but just know it’s a security measure built into Android for now.  SELinux sees root apps like SuperSU, from the extremely talented and dedicated developer Chainfire, as a security threat and blocks their access to the system from boot-up.  Chainfire has done it again and overcome yet more problems, and has presented us with a rooting option that doesn’t rely on custom kernels or anything other than installing SuperSU through a custom recovery.  Let’s dig into this.

First, as some background, the Android Lollipop-updated developer preview was released back in October, and many of us with Nexus 5s and 7s, myself included, installed it and then immediately begged for root privileges to hack to our hearts’ contents.  Since these were almost-final builds of Lollipop, they had most of the final security measures built in, including a secure kernel (the file in a factory image called ‘boot.img’, which lets the software actually communicate with the hardware on the motherboard and device).  Chainfire, only a matter of hours after the problem and complaints flooded in, took to the computer and offered up a solution. The solution was a customized kernel that had insecurities, holes in the secure start-up sequence that let SuperSU run at start-up.  Then, when the official updates for Nexuses 4, 5, 7, and 10, as well as the shipping of the Nexuses 9 and 6, people had new and more problems with rooting, since sometimes SuperSU would still be blocked.  Some reported crashes and various bugs with the system of having custom files and the like.  So, this morning, Chainfire posted up a new version that looks to be very much what the people have been calling for.

The currently-in-beta version of SuperSU, 2.27, is a custom recovery-flashable .zip file which puts a newly improved SuperSU app into the system.  This new version uses another part of Android to get users that sweet, addictive root access.  The article put up by XDA Developers, in collaboration with Chainfire, details how this new version works, and we’ll simplify and slim it down.  You can go read it for yourself, but we’ll do our best to make it simple and quick. So, SELinux, which stands for Security-Enhanced Linux, is a type of security built into a device’s kernel (which we described above as being the software-hardware linkage).  This security allows only permitted applications to run with root access like the system apps (phone dialer, camera, contacts, and apps like those), but SuperSU obviously cannot get that access.  Past versions of SuperSU have used the pre-Lollipop holes in the kernel to get you root access, but the focus now falls to something called Zygote.

Zygote is the key for SuperSU version 2.27, and this is why: it has the necessary permission at start-up to let SuperSU tag along, then it closes off to the locked state while the device is running.  Zygote still switches from ‘init’ to ‘final’ once the device boots, so Zygote is the key for now, since it lets SuperSU in due to its ‘vulnerability’. However, as XDA notes, the method may only be temporary, and we might have to resort back to custom kernels due to upcoming changes in the AOSP code that will become integrated into future Android updates.  This means some fully up-to-date AOSP-based version of Lollipop might not allow this new method and version of SuperSU to function, since Zygote seems to have been secured by Google already in the AOSP code. What does all this mean, moving forward, though?  It means a lot of things, and that’s no exaggeration.  First, it means that current Lollipop-runners can have root with their favorite custom kernels again, instead of a modified, de-secured stock kernel.  Next it means that Google has bootloader-locked devices in a chokehold.  If this method is in fact disallowed permanently, bootloader-locked devices will be unable to root in the foreseeable future.  And finally, it means that users will have to play with what Google gives them, however terrible for rooting it may be.

With all of that, feel free to go get the latest version of SuperSU and try to get root access (or get it back).  If you have Kit Kat, Android 4.4.4, on your device, perhaps be thankful that you don’t currently have to deal with these issues (and might never, depending on the device).  If you have Lollipop, be wary when updating and accepting OTA updates from now on in you use and want root access.  Rooters, your days of ease may be ending with the biggest change to Android yet.  Have you needed root for anything since you updated to Lollipop, and is root access something that you have thought about updating to Android 5.0?  Do you think that some people will just move away from rooting and enjoy Android as it is, or do you think there will still be as high, or even higher, a demand for access to the root of a device?  Let us know down below.