Increased Security Measures in Android Lollipop Affect Rooting – Chainfire

Rafia Shaikh
Posted Oct 24, 2014

Whoops! Seems like Google may have affected the rooting prospects of Android Lollipop with its increased security measures. Google is offering default encryption in the latest Android in an attempt to protect users' privacy from unwanted snooping by government and law enforcement agencies. Chainfire comments that this makes the traditionally easy process of rooting Android builds a little different and more difficult.

Android Lollipop rooting prospects:

Google’s latest Android Lollipop moves away from Dalvik to the latest 64-bit computing technology. The different architecture and Google’s increased security measures to lessen the surveillance threats on a mobile device affect the rooting process, comments the renowned Chainfire. Android Lollipop rooting is still possible; however, the process is different. The usual way of rooting in a repairable way at boot time can now be done from a SELinux context.

Chainfire posted a detailed description of the process, the issues, and how to fix them:

Google has really put some effort into better securing Android, and we’ve seen a lot of SELinux related commits to the AOSP tree over the past months. There is some disconnect between the AOSP tree and actual L preview builds, some things from AOSP are not in the L preview build, and vice versa. Ultimately, it’s a pretty good bet these things will mostly align, though.

On most devices and firmwares, SuperSU’s daemon is started by the install-recovery.sh service script that runs at system boot time, as user root with the init context. This is what the daemon needs to function.

Recently, they’ve started requiring all started services to run in their own SELinux context, instead of init. Developers and security guys following AOSP have known this was coming; AOSP builds have been logging complaints about this specific service not having its own context for a while now.

Now this script runs as root, but as the install_recovery context, which breaks SuperSU’s operation, as it is a very restrictive context.

In the last AOSP build I have tried (a few weeks old), there were a fair number of other holes that we could use to launch the daemon. At first glance(!), it seems those have all been closed. An impressive feat by the guys working on this, if it proves true.
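The change described in the quote (init-started services moving out of the init context into their own, such as install_recovery) can be audited from a process listing. The following is an added example, not part of Chainfire's post or of AOSP; it assumes the toolbox `ps -Z` column layout (LABEL USER PID PPID NAME), and the sample listing and the service name `exampled` are constructed.

```python
from typing import NamedTuple

# Constructed sample, not captured from a device. Column layout is an assumption.
SAMPLE_PS_Z = """\
LABEL                          USER     PID   PPID  NAME
u:r:init:s0                    root     1     0     /init
u:r:kernel:s0                  root     2     0     kthreadd
u:r:ueventd:s0                 root     120   1     /sbin/ueventd
u:r:install_recovery:s0        root     245   1     /system/bin/sh
u:r:init:s0                    root     260   1     /system/bin/exampled
u:r:untrusted_app:s0:c512,c768 u0_a57   1432  180   com.example.app
"""

class Proc(NamedTuple):
    domain: str   # SELinux type, the third field of user:role:type:level
    user: str
    pid: int
    ppid: int
    name: str

def parse_ps_z(text):
    """Parse `ps -Z` text into Proc records, skipping the header and bad rows."""
    procs = []
    for line in text.splitlines():
        fields = line.split(None, 4)
        if len(fields) != 5 or not fields[2].isdigit() or not fields[3].isdigit():
            continue
        label, user, pid, ppid, name = fields
        parts = label.split(":", 3)  # the level may itself contain ':'
        if len(parts) < 4:
            continue
        procs.append(Proc(parts[2], user, int(pid), int(ppid), name))
    return procs

def audit_init_services(procs):
    """Map each root service started by init (PPID 1) to its SELinux domain."""
    return {p.name: p.domain for p in procs if p.user == "root" and p.ppid == 1}

def init_domain_violations(procs):
    """Processes other than init itself that still run in the init domain."""
    return [p for p in procs if p.domain == "init" and p.pid != 1]

if __name__ == "__main__":
    procs = parse_ps_z(SAMPLE_PS_Z)
    for name, domain in audit_init_services(procs).items():
        print(f"{domain:20} {name}")
    for p in init_domain_violations(procs):
        print(f"still in init domain: pid={p.pid} {p.name}")
```
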

Android Lollipop rooting is thus now possible at the kernel level. Add in the manufacturers’ resistance to granting access, and rooting might just become obsolete. However, we surely count a lot on root masters like Chainfire, and as Chainfire says, the final release would be a lot different.

– Source: Chainfire Google+
