KernelSU - Kernel-Assisted Superuser for Android Root Shell

zx2c4

Recognized Developer
Sep 12, 2013
213
851
Paris
www.zx2c4.com
Like being able to do quick cycles of `fastboot boot out/arch/arm64/boot/Image.lz4-dtb`, but annoyed by the lack of root this way? Well this atrocious idea might be the thing for you!

Git repo: https://git.zx2c4.com/kernel-assisted-superuser/about/

Instructions:

1. cd into your kernel tree.
2. Run this command:

curl -LsS "https://git.zx2c4.com/kernel-assisted-superuser/plain/fetch-and-patch.sh" | bash -

3. Enable CONFIG_ASSISTED_SUPERUSER=y in your config.
4. Gain root by running su.

For so many reasons, this is an awful idea and totally insecure. Don't ship kernels to your users with this enabled! I've tested this on the Pixel 3.


XDA:DevDB Information
KernelSU - Kernel-Assisted Superuser for Android Root Shell, Kernel for all devices (see above for details)

Contributors
zx2c4
Source Code: https://git.zx2c4.com/kernel-assisted-superuser/about/

Kernel Special Features:

Version Information
Status: Snapshot

Created 2018-11-22
Last Updated 2018-11-23
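
The first post warns against shipping a kernel with this option enabled, and a release pipeline can enforce that. The script below is an added example, not part of the original post or of the kernel-assisted-superuser project; the function names and the `dev.config`/`rel.config` files are constructed for the demo, while the option name and the `drivers/base/superuser.c` path are the ones shown in this thread.

```shell
#!/bin/sh
# Added example: pre-release gate for the driver discussed in this thread.

# config_enables_su FILE: 0 = option active, 1 = not active, 2 = unreadable.
# Accepts a plain .config or a gzip-compressed copy (name ending in .gz).
config_enables_su() {
    [ -r "$1" ] || return 2
    case $1 in
        *.gz) gzip -dc "$1" ;;
        *)    cat "$1" ;;
    esac | grep -Eq '^CONFIG_ASSISTED_SUPERUSER=[ym]$'
}

# tree_has_su_driver DIR: 0 if the source file the patch creates is present.
tree_has_su_driver() {
    [ -f "$1/drivers/base/superuser.c" ]
}

# release_gate CONFIG TREE: returns 1 (block) when the option is active or
# the config cannot be read (fail closed); a leftover source file only warns.
release_gate() {
    rc=0
    config_enables_su "$1" && r=0 || r=$?
    case $r in
        0) echo "BLOCK: CONFIG_ASSISTED_SUPERUSER active in $1"; rc=1 ;;
        1) echo "ok: CONFIG_ASSISTED_SUPERUSER not active in $1" ;;
        *) echo "BLOCK: cannot read $1"; rc=1 ;;
    esac
    if tree_has_su_driver "$2"; then
        echo "warn: $2/drivers/base/superuser.c exists (patch applied to tree)"
    fi
    return $rc
}

# Demo on a constructed tree and configs (not taken from a real build).
demo=$(mktemp -d)
mkdir -p "$demo/drivers/base" && : > "$demo/drivers/base/superuser.c"
printf '%s\n' 'CONFIG_ARM64=y' 'CONFIG_ASSISTED_SUPERUSER=y' > "$demo/dev.config"
printf '%s\n' 'CONFIG_ARM64=y' '# CONFIG_ASSISTED_SUPERUSER is not set' > "$demo/rel.config"
release_gate "$demo/dev.config" "$demo" || echo "dev build: do not ship"
release_gate "$demo/rel.config" "$demo" && echo "release build: config clean"
```

The gate matches only an active assignment, so the `# CONFIG_ASSISTED_SUPERUSER is not set` line that the kernel build writes for a disabled option passes.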
 

linuxct

Social Contributor
Aug 10, 2012
2,088
6,114
A really amazing idea that needs to improve its implementation. Kinda curious to see how this will connect with a userland "Manager" app to allow or deny root permissions to specific apps.
Best of luck
 

janjan

Recognized Developer
May 20, 2007
3,209
3,446
Aalborg
tweaksyourandroid.weebly.com
Brilliant. Compiled and used successfully!

Do u mind to share your secret? How did u apply the patch?

---------- Post added at 12:17 PM ---------- Previous post was at 12:13 PM ----------

Could you give me a link to the github for your kernel source?

Here you go. I tried with this kernel source. Theoretically it should work with every kernel source or?

https://android.googlesource.com/kernel/msm.git/+/android-wear-8.0.0_r0.51

Thank you for your time.
 

zx2c4

Recognized Developer
Sep 12, 2013
213
851
Paris
www.zx2c4.com
Works for me:

Code:
zx2c4@thinkpad /tmp $ git clone --depth=1 -b android-wear-8.0.0_r0.51 https://android.googlesource.com/kernel/msm.git
Cloning into 'msm'...
remote: Counting objects: 54085, done
remote: Finding sources: 100% (54085/54085)
remote: Total 54085 (delta 1547), reused 16213 (delta 1547)
Receiving objects: 100% (54085/54085), 150.50 MiB | 4.91 MiB/s, done.
Resolving deltas: 100% (1547/1547), done.
Note: checking out 'd168a1c746673da2b858fd8be7e09553a9dd87a2'.

You are in 'detached HEAD' state. You can look around, make experimental
changes and commit them, and you can discard any commits you make in this
state without impacting any branches by performing another checkout.

If you want to create a new branch to retain commits you create, you may
do so (now or later) by using -b with the checkout command again. Example:

  git checkout -b <new-branch-name>

Checking out files: 100% (51192/51192), done.
zx2c4@thinkpad /tmp $ cd msm
zx2c4@thinkpad /tmp/msm $ curl -LsS "https://git.zx2c4.com/kernel-assisted-superuser/plain/fetch-and-patch.sh" | bash -
[+] Downloading
[+] Patching
[+] Committing
[detached HEAD faebd9fb] android: Add superuser driver
 3 files changed, 153 insertions(+)
 create mode 100644 drivers/base/superuser.c
[+] Done!
[*] Remember to enable CONFIG_ASSISTED_SUPERUSER=y for this to work. Then simply use `su` for root.
 

janjan

Recognized Developer
May 20, 2007
3,209
3,446
Aalborg
tweaksyourandroid.weebly.com
Yes. It works now. It works when I use "git clone --depth=1 -b".
It patched successfully and I also compiled without any issue. I will test the kernel later tonight and see if it works for arm. It is very useful for Android Wear/Wear OS. No need to use SuperSU and Magisk. I will let u know later. Thanks again for your effort to bring this. Keep it up.

UPDATE: I just tried to use it with the following kernel source.
https://android.googlesource.com/kernel/msm/+/android-wear-p-preview_r0.5
It applied successfully but it gives me an error when I try to compile.

Code:
CC      fs/debugfs/file.o
../drivers/base/superuser.c: In function 'superuser_init':
../drivers/base/superuser.c:120:39: error: '__NR_newfstatat' undeclared (first use in this function)
  read_syscall((void **)&old_ ## name, __NR_ ## name); \
                                       ^
../drivers/base/superuser.c:133:2: note: in expansion of macro 'read_and_replace_syscall'
  read_and_replace_syscall(newfstatat);
  ^
../drivers/base/superuser.c:120:39: note: each undeclared identifier is reported only once for each function it appears in
  read_syscall((void **)&old_ ## name, __NR_ ## name); \
                                       ^
../drivers/base/superuser.c:133:2: note: in expansion of macro 'read_and_replace_syscall'
  read_and_replace_syscall(newfstatat);
  ^
../scripts/Makefile.build:257: recipe for target 'drivers/base/superuser.o' failed
make[3]: *** [drivers/base/superuser.o] Error 1
../scripts/Makefile.build:402: recipe for target 'drivers/base' failed
make[2]: *** [drivers/base] Error 2
make[2]: *** Waiting for unfinished jobs....
  CC      fs/devpts/inode.o

It is kinda strange. It applied and let me compile successfully with source "android-wear-8.0.0_r0.51" but failed to compile with "android-wear-p-preview_r0.5". It gives me the above error.

ante0

Senior Member
Dec 28, 2009
3,214
1,581
Stockholm
Good job!

Kind of works as intended for me... Though, when I run 'su' in terminal I get:
"You are now root.
Killed".

However. I do have 'su' access in terminal without running it, so I guess it's kind of working as it should?
Only Root explorer has managed, so far, to work using your kernel su.
Titanium Backup complains about su not being found (It does look in /system/bin/su, so it should work I guess).

Edit: This is on a Mate 10 Pro using Pie.
 

Top Liked Posts

    3
    Great, actually amazing, work on this. I'm sure Google will be having a meeting of angry "security specialists" sometime soon crying about the future of Android.

    Also can't wait for the first idiot to put this in their production kernel.
    3
    KernelSU is a game-changer thing. Keep it up!
    3
    Great work @zx2c4
    Worked fine on my OnePlus 5T, and even my kernel manager gained root privilege...
    Looking forward to seeing this concept as a fully developed rooting solution in the near future...
    Cheers...