[WIP][2016.01.21] Android 6.0 Marshmallow [CLOSED]

By Chainfire (Senior Moderator / Senior Recognized Developer) on 6th October 2015, 10:59 PM

All discussion should go to the SuperSU BETA thread

Attached find modified boot.img for the Nexus firmwares released so far. Together with SuperSU v2.50+ these allow root with SELinux in Enforcing mode.

These are the stock boot images from Google, with the ramdisk modified as follows:
- patched sepolicy
- disabled dmverity (if applicable)
- disabled forceencrypt (if applicable)

Rooting procedure:
- flash/upgrade to Marshmallow
- flash modified boot.img
- flash/boot TWRP and sideload latest v2.50+

Acquiring root without modifying the boot images is still under investigation. Please note that the current method will not be officially supported. Future roots may require a clean system: we are at a very early stage of root for 6.0, methods used are subject to change.

For the modders, you can do the sepolicy modifications yourself as follows:
- root a reference device (4.4+ with SELinux enabled) with v2.50+
- extract the sepolicy file from the target boot image's ramdisk
- with the reference device connected to ADB:

Code:
adb push sepolicy /data/local/tmp/sepolicy
adb shell su -c "supolicy --file /data/local/tmp/sepolicy /data/local/tmp/sepolicy_out"
adb shell su -c "chmod 0644 /data/local/tmp/sepolicy_out"
adb pull /data/local/tmp/sepolicy_out sepolicy_out
- replace the sepolicy file in the boot image's ramdisk with the sepolicy_out file
- profit

(this trick should also work on the Samsung 5.1.1 kernels that people are having issues with lately)

Fugu requires v2.51+

Attached Files:
- hammerhead-mra58k-boot.zip (7.82 MB)
- shamu-mra58k-boot.zip (7.78 MB)
- razor-mra58k-boot.zip (7.24 MB)
- razorg-mra58k-boot.zip (7.24 MB)
- volantis-mra58k-boot.zip (7.70 MB)
- volantisg-mra58k-boot.zip (7.70 MB)
- fugu-mra58k-boot.zip (5.97 MB)
- bullhead-mdb08i-boot.zip (9.98 MB)
- angler-mdb08k-boot.zip (9.48 MB)
- razor-mra58u-boot.zip (7.24 MB)

8th October 2015, 03:30 PM | #2 | Chainfire (OP)

EXPERIMENT: Root without modifying /system
EXPERIMENTAL, ARE YOU SURE YOU WANT THIS ?

All discussion should go to the SuperSU BETA thread

Idea
To have root on modern Android versions, we need our files to be executable and our daemon to be started on boot. We normally do this by making modifications to /system, tapping into binaries and scripts executed by init. If we're also modifying the boot image, then we should be able to do all this without modifying system at all. A benefit of this is that it makes OTAs easier - reflashing the boot image is less hassle than reflashing system.

As the binaries should still be updatable, and we don't know the space we have available in the boot image itself, we're mounting a (writable) ext4 image with /su as mount point from /data, and modifying PATH accordingly. Interestingly, for reasons yet unknown to me, if the image is mounted r/o by init, later remounting it r/w causes a bunch of issues. So we're keeping it r/w (for root) for now.

An overlayfs/unionfs solution would be even more ideal, transparently placing files in /system without modifying the actual partition, but I have not been able to find one that is (a) compatible with all Android architectures and (b) not kernel dependent and (c) not GPL - or even just one of those requirements, really. It's technically all possible, it just needs to be done.

Caveats
- Apps with hardcoded paths to su (seriously?) will bork
- Factory reset unroots
- Factory reset wipes pin
- ...
- Bugs... Bugs everywhere!

Instructions
You must absolutely re-flash your stock /system partition, or the separate root instances will interfere with each other. The installer for this experiment will not clean up old root files.
- Flash stock /system (and /vendor and /oem, if present)
- Flash the attached boot image
- Flash the attached SuperSU ZIP in TWRP

Ramdisk modifications
- include (post above this one)
- init.rc (devs: please open file for reference)
--- on init
------ mkdir /su ...
--- on post-fs-data
------ copy image from cache to data (for rooting without access to /data in custom recovery)
------ mount image to /su
--- service daemonsu
- init.environ.rc
--- export PATH, prepended with /su/bin
- file_contexts
--- /su(/.*)? u:object_r:system_file:s0

NOTE
- Not all SuperSU options are supported yet in this mode
- I have not tested with encrypted devices
- /system should never be remounted r/w, I hope I didn't miss anything here
- Root with modifying /system is also still operational. I can't predict what the exploiters will need.
- I'm not sure where we're going with this. Future roots may require a clean system.

BETA-SuperSU-v2.56-20151030013730.zip

8th October 2015, 03:40 PM | #3 | Chainfire (OP)

EXPERIMENT: Root without modifying /system #2: Automation
EXPERIMENTAL, ARE YOU SURE YOU WANT THIS ?

All discussion should go to the SuperSU BETA thread

Continuing on the previous post, here is SuperSU v2.62 BETA, with automated boot image patching. It's been tested by myself on various Samsungs running anything from 4.3 to 5.1, and all of the recent Nexus devices on 6.0. Even on CM13. Other users have tested it with success on various other devices.

If you are coming from any SuperSU install in /system, you must re-flash the stock system (and vendor and oem, if present) partition contents prior to installing this.

If you are coming from a SuperSU 2.56 system-less install, you must re-flash the stock boot image prior to installing this.

If you are coming from a SuperSU 2.60 system-less install, or were not rooted at all, then you can just flash the ZIP without any special prior instructions.

If TWRP offers you to keep /system read-only, indeed keep it read-only.

If TWRP tells you SuperSU is not installed, and asks you to install it, do not do it, you will break things!

If on Android 6.0 or Samsung 5.1, the ZIP installer will install SuperSU in systemless mode and patch the boot image. The boot image patcher currently only supports gzip compressed ramdisks and the standard Android boot image format. Some devices do not use the standard format, and many custom kernels use a compression other than gzip. A backup is made (/data/stock_boot_<sha>.img.gz) of the original boot image before patching it.

Further implementation details (including an updated list of changes to the ramdisk) are explained in the installer script itself, as usual.

Notes on 2.62+

A poor man's overlay is used on /system/xbin. We are creating a copy of /system/xbin in /su/xbin_bind, adding a symlink to /su/bin/su there, then mounting the entire thing on top of the original /system/xbin. This is likely to fix some compatibility issues with some apps, without actually modifying /system. Removing /su/xbin_bind and rebooting will disable this feature, or "echo BINDSYSTEMXBIN=false>>/data/.supersu" in recovery root shell before a SuperSU ZIP flash.

If you have one of those devices that refuse to remount system r/w in Android such as the Nexus 6P, but you do want to do this, "echo FSTABSYSTEMRW=true>>/data/.supersu" in recovery root shell before a SuperSU ZIP flash will patch the boot image in such a way that remounting will work. This feature itself breaks OTA compatibility, regardless of if you end up writing to /system or not.

Both of these features are likely temporary.

Notes on 2.64+

There have been a lot of changes to the ZIP installer. Hopefully they won't break a lot of installs. If 2.64 works well, it is likely to be promoted to the "main beta" in place of 2.52, and the How-To SU document will be updated with the relevant information.

A major change in setup is that the ZIP installer will try to detect 6.0 firmwares that can be rooted without doing a systemless install. In other words, a root that modifies only /system, but not the boot image. If this is possible, the installer will install into /system (unless you override via "echo SYSTEMLESS=true>>/data/.supersu").

This may catch (a) firmwares that allow sepolicy reloading from /data but have a locked bootloader and (b) custom firmwares set up to handle this. Regarding the latter, while it is not as clean as systemless, those running custom firmwares are more likely to want to modify /system anyway, it is less likely to mess with updates to those firmwares, and it prevents the necessity of reflashing the ZIP after each kernel switch. Of course, the kernel's SELinux policies must support this! See this thread for details for devs.

Notes on 2.65+

As 2.65 adds /su/xbin, I recommend flashing the ZIP rather than installing the APK from the ZIP, as some people tend to do.

Notes on 2.67+

I recommend flashing the ZIP rather than installing the APK from the ZIP, as some people tend to do.

Downloads

BETA-SuperSU-v2.60-20151205163135.zip
BETA-SuperSU-v2.61-20151207213702.zip
BETA-SuperSU-v2.62-20151210170034.zip
BETA-SuperSU-v2.62-2-20151211155442.zip
BETA-SuperSU-v2.62-3-20151211162651.zip
BETA-SuperSU-v2.64-20151220185127.zip
BETA-SuperSU-v2.65-20151226141550.zip
BETA-SuperSU-v2.66-20160103015024.zip
BETA-SuperSU-v2.67-20160121175247.zip
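
Added example, not part of the original post and not SuperSU's installer code: a check for the limitation stated in post #3, that the patcher only handles the standard Android boot image format with a gzip-compressed ramdisk. It assumes the version-0 boot header layout; the function names, the compression table and the sample images are constructed for illustration.

```python
import bz2, gzip, lzma, struct

BOOT_MAGIC = b"ANDROID!"
# magic, then kernel size/addr, ramdisk size/addr, second size/addr,
# tags addr, page size, header version (unused in v0), os version.
HEADER = struct.Struct("<8s10I")
# Leading bytes of common ramdisk compressions (table is an assumption,
# not taken from the installer).
COMPRESSION_MAGIC = {
    b"\x1f\x8b": "gzip",
    b"\xfd7zXZ\x00": "xz",
    b"BZh": "bzip2",
    b"\x02\x21\x4c\x18": "lz4-legacy",
}

def _pages(size, page_size):
    return (size + page_size - 1) // page_size

def inspect_boot_image(img):
    """Return layout facts and whether a gzip-only patcher could handle img."""
    if len(img) < HEADER.size or not img.startswith(BOOT_MAGIC):
        return {"standard": False, "patchable": False, "reason": "no ANDROID! magic"}
    f = HEADER.unpack_from(img)
    kernel_size, ramdisk_size, page_size = f[1], f[3], f[8]
    if page_size == 0 or page_size & (page_size - 1):
        return {"standard": False, "patchable": False, "reason": "bad page size"}
    # The header takes one page; the kernel follows, padded to a page boundary.
    offset = page_size * (1 + _pages(kernel_size, page_size))
    ramdisk = img[offset:offset + ramdisk_size]
    if ramdisk_size == 0 or len(ramdisk) != ramdisk_size:
        return {"standard": False, "patchable": False, "reason": "ramdisk out of bounds"}
    kind = next((n for m, n in COMPRESSION_MAGIC.items() if ramdisk.startswith(m)), "unknown")
    return {"standard": True, "patchable": kind == "gzip", "compression": kind,
            "ramdisk_offset": offset, "ramdisk_size": ramdisk_size}

def build_sample(ramdisk, kernel=b"K" * 5000, page_size=2048):
    """Constructed test image: header page, padded kernel, padded ramdisk."""
    pad = lambda b: b + b"\0" * (-len(b) % page_size)
    hdr = HEADER.pack(BOOT_MAGIC, len(kernel), 0, len(ramdisk), 0, 0, 0, 0, page_size, 0, 0)
    return pad(hdr) + pad(kernel) + pad(ramdisk)

if __name__ == "__main__":
    payload = b"constructed cpio placeholder" * 10
    for name, blob in [("gzip", gzip.compress(payload)), ("xz", lzma.compress(payload)),
                       ("bzip2", bz2.compress(payload))]:
        print(name, inspect_boot_image(build_sample(blob)))
```

Running the same check against a device's stock boot image before flashing shows up front whether the image falls outside what the post says the patcher supports.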

8th October 2015, 03:40 PM | #4 | Chainfire (OP)

Changes
(The changelogs for the specific SuperSU versions can be found here: http://forum.xda-developers.com/show...24&postcount=3)

2016.01.21
- v2.67 ZIP

2016.01.03
- v2.66 ZIP

2015.12.26
- v2.65 ZIP

2015.12.20
- v2.64 ZIP

2015.12.11
- v2.62-3 ZIP:
--- (systemless) ZIP: Fix calling wrong script name for custom patcher script
--- (systemless) ZIP: Improve APK overwrite
--- (systemless) ZIP: Do not move backups from /cache to /data, just copy them
(there are no changes to SuperSU itself compared to v2.62, just minor script changes in the ZIP)

2015.12.10
- v2.62 ZIP

2015.12.07
- v2.61 ZIP

2015.12.05
- v2.60 ZIP with automated boot image patcher

2015.10.30 #2
- Added systemless root experiment for other Nexus than hammerhead

2015.10.30
- Added systemless root experiment for hammerhead

2015.10.28
- Added Angler kernel
- Added Razor mra58u kernel

2015.10.20
- Added Bullhead kernel

2015.10.08
- New image for Fugu, requires v2.51

2015.10.07
- New images, should fix the factory reset issues some users with encrypted data were seeing

2nd February 2016, 07:36 PM | #5 | Chainfire (OP)

The latest WIP version has become the main BETA version.

For all intents and purposes, this thread is closed. It will be cleaned up and unstickied in good time.