NOTICE: This content was originally posted to Google+, then imported here. Some formatting may be lost, links may be dead, and images may be missing.
A while ago, I already reported on the state of AOSP and its repercussions for root apps - https://plus.google.com/+Chainfire/posts/Lyhjzu1z9s1
With 4.4.3 (or 4.5, or ...) expected to be released very soon, it was time to take another look at the state of AOSP, and it appears there are changes aplenty! Of course, current AOSP is not the same as stock 4.4.3, so some things may yet change - though I don't really expect them to.
Let's get this out of the way first - I have built a new version of SuperSU (v1.97) with all the massive changes required to work on the latest AOSP builds. It is linked in the box below, or you can click here - http://download.chainfire.eu/supersu
I am not spreading this version through Play just yet, but I encourage all tech-savvy users to give it a shot and report back issues, not just for AOSP builds but also for older common firmwares.
I have tested this build on over a dozen devices running various Android revisions in various states, and it all worked for me. The first rule of Android development thus guarantees that there will be a lot of breakage and it will crash for absolutely everyone - so don't forget to report those problems.
The XDA thread for SuperSU can be found here - http://forum.xda-developers.com/showthread.php?t=1538053 - and is the preferred location for feedback. G+ comments do not work as well for bug reports.
Of course, my How-To SU guide - http://su.chainfire.eu/ - has also been updated with the changes, and aside from the rest of this post, I would urge every developer to re-read the SELinux section.
SELinux on steroids
In my previous post on this subject, I already mentioned the need for root apps to switch contexts for certain situations. The method I used then no longer works on AOSP (it was already broken on Samsung's latest 4.4 stock firmwares as well), but the relevant code for the -cn/--context su parameter has been replaced with a version that does work again - and is much, much more complex.
Context switching is becoming much more important for root apps, as SELinux policies have been made significantly more secure. For example, executing code in /data as root doesn't work in the default context, and calling Java-based code (like 'am' and 'pm') should no longer be done from the default context either, as things will break in new and exciting ways; apps contacting daemons using sockets as IPC mechanism no longer work out-of-the-box; the list goes on - the How-To SU guide has details on these issues and on how to switch contexts to solve them.
Thanks to these changes, SuperSU has gained some more binaries in its installation, so if you are doing custom ROMs with integrated SuperSU, be sure to look at the new flashable ZIP and copy the changes/additions.
Additionally, the SuperSU daemon now must run as the init context (not the init_shell or whatever context), or things will not work correctly. This was always the way it was meant to be, but I know this is not the case on some custom ROMs.
It seems ART is now the default setting in AOSP. It remains to be seen if that is carried over to production firmwares, but it creates some issues for root apps.
Above I detailed the need to call Java-based code like 'am' and 'pm' from a different context. Of course, existing root apps don't yet do this. If you're running Dalvik, some of the 'am' and 'pm' options still work without issue, and some simply don't work at all. If you're running ART though, the combination of SELinux restrictions and the immaturity of ART can cause crashes that take down the entire system.
That's right - the wrong call to, for example, 'am' will crash Android entirely and ultimately lead to a reboot. Not to mention that it will then also have to re-optimize all the packages (snore). Maybe this will be fixed before the official release of 4.4.3, but I wouldn't count on it, as these crashes never happen outside of root apps.
As such, I would advise early adopters of root apps on 4.4.3 to run Dalvik for the moment, and for developers to make haste testing with ART on current AOSP builds.
It also appears PIE (Position-Independent Executable) is now a requirement. Non-statically built executables must be PIE, or they will not run at all (even if switched to the right context).
PIE has been supported since Android 4.1. So this means that if you are not using statically built executables, you need to provide a PIE and a non-PIE version if you want to support both pre-4.1 and post-4.4.2.
Note that the NDK's Application.mk's APP_PIE option can be used to enable building your executable as a PIE.
For a lot of root apps this is not a problem, as they come with statically linked executables (if any), which still work. But some apps will definitely choke on this.
This version of SuperSU took quite a bit longer to update than I had expected. For most apps, work-arounds (if needed) will not be very complicated. Unfortunately, most of the simple work-arounds were not viable for SuperSU and all its edge cases - they would seem to mostly work, but then I'd run into a needed case where it didn't - repeatedly. Granted, I didn't know that much about SELinux when I started out - and now I feel I know more about it than any sane person could want ... live and learn!
Either way, these additional changes made in AOSP since the last time I looked mean that a lot more root apps will need updating than I initially thought - still by no means all of them, but certainly a lot of them.
Let's get to it!
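The PIE requirement described above can be checked before shipping a binary. The following is an added example, not code from the original post or from SuperSU: it reads the ELF header and reports whether an executable is statically linked, a dynamically linked PIE, or a dynamically linked non-PIE (the kind the post says no longer runs). The function names and the sample headers are constructed for illustration.

```python
import struct
import sys

ET_EXEC, ET_DYN = 2, 3          # e_type values: fixed-address vs position-independent
PT_LOAD, PT_INTERP = 1, 3       # PT_INTERP is present only in dynamically linked executables

def classify_elf(data: bytes) -> str:
    """Classify an ELF executable image as 'static', 'pie', 'non-pie' or 'not-elf'.

    Meant for executables; a shared library has no PT_INTERP and is reported as 'static'.
    """
    if len(data) < 52 or data[:4] != b"\x7fELF":
        return "not-elf"
    is64 = data[4] == 2                          # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    end = "<" if data[5] == 1 else ">"           # EI_DATA: 1 = little-endian
    fmt = end + ("HHIQQQIHHHHHH" if is64 else "HHIIIIIHHHHHH")
    if len(data) < 16 + struct.calcsize(fmt):
        return "not-elf"
    fields = struct.unpack_from(fmt, data, 16)   # header fields after e_ident
    e_type, e_phoff, e_phentsize, e_phnum = fields[0], fields[4], fields[8], fields[9]
    dynamic = False
    for i in range(e_phnum):
        off = e_phoff + i * e_phentsize
        if off + 4 > len(data):
            break                                # truncated program header table
        (p_type,) = struct.unpack_from(end + "I", data, off)
        if p_type == PT_INTERP:
            dynamic = True
    if not dynamic:
        return "static"                          # per the post, these still run
    return "pie" if e_type == ET_DYN else "non-pie"

def make_sample(e_type: int, p_types: list) -> bytes:
    """Constructed 32-bit little-endian ARM ELF header plus program headers (demo data)."""
    ident = b"\x7fELF" + bytes([1, 1, 1]) + bytes(9)
    hdr = struct.pack("<HHIIIIIHHHHHH", e_type, 40, 1, 0, 52, 0, 0,
                      52, 32, len(p_types), 0, 0, 0)
    phdrs = b"".join(struct.pack("<8I", t, 0, 0, 0, 0, 0, 4, 1) for t in p_types)
    return ident + hdr + phdrs

if __name__ == "__main__":
    for path in sys.argv[1:]:                    # e.g. the binaries bundled in an APK
        with open(path, "rb") as fh:
            print(path, classify_elf(fh.read()))
```

Run it over every native executable an app bundles; any file reported as non-pie needs a PIE build (APP_PIE in Application.mk) alongside it, or a static build, to keep working on the newer AOSP builds.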
Thanks for all of your great work. Flashing v. 1.97 on my Gnex right now
Thank you for the heads up.
Isn't 4.4.3 already out? You are talking about 4.5 right?
We can't flash it on 4.4.2?
+Allen Edmonds I thought it went live for Nexus 5 the very next day 4.4.2 came out for it. Some people even joked Google was doing nightlies now. Hahahahaha.
+Bruno Iannelli I just flashed this on my Gnex running 4.4.2 (PA ROM.)
Could I flash it on AOSP 4.4.2? Or is it imperative to wait for 4.4.3?
+Bruno Iannelli OK to flash on aosp 4.4.2. Just make a backup first.
I'm afraid! Are you sure? Really?
Ok so it's like before
sounds like xposed framework will cause headaches in android 4.5
+Daniela Okafor xposed ALWAYS causes headaches. For devs and users
I'm guessing a lot of AOSP master commits won't show up in 4.4.3, but will show up in a future release.
+Daniela Okafor ya hence I probably won't be rooting my s5 until new Android is out and released by Samsung
I got a feeling if 64bit doesn't come out with but Android version. Would be the one after and that would change things up entirely!
Thank you so much for this. +1'000.000
Thank u so much for making this so easy and convenient for nooks like me. Don't know what I would do without you.
This is why people should buy the SuperSU Donation package. The next Android release issues with su are mostly solved before it's even released. Thanks Chainfire :)
This is great info and thanks for sharing. That said, I'm just a user (now) and wanna scream from the hilltops how much you are appreciated.
Installed on Note 3 running CivZ_FlexKat REv 2.8 with 3.4.39-SneakyKat-Rev 1.8- 4.4.2. No issues, many thx dude.
+Edward K Lewandowski which Xposed modules did you have installed?
Chainfire is AMAZING. I went pro with this app the minute I read the full description....... best money I ever spent!!!!! Thank you so much
I've been using it for about a month now. I downloaded the update, and no problems at all. I downloaded it from XDA, many thanks to them. Amen.
Fantastic job +Chainfire ; I understand Google is trying to clean things up and improve Android's performance and security.
You're a wizard.
Don't forget the donation.. support +Chainfire for the hard work.
hey man.. HAVE ROOT FOR S5 G900A ??
+Sajador Skolotaié I don't have any complaints about KitKat, in fact it is the most supported Android version I've seen before, it currently has like 10 ROMs already including CyanogenMod, and it's not slow, it's pretty fast
I couldn't flash it on my Nexus 7 2013 running stock 4.4.2, while I did it successfully on my Nexus 4.
An approach I've been taking is to app_process my own apk and run a Main class. No need for binaries.
I'm Russian, and I don't speak English. But SuperSU is a 5+. My Samsung Ace Duos GT-S6802 and Alcatel One Touch are both on it. I use UpdateSuperSu.zip. You're awesome, good luck to you!
Kept root on my Gnex running PA Beta4, Android 4.4.2. Running flawlessly
Heyyy root g900a galaxy 5 plss
Flash SuperSu (1.97)with CWM.. note 3 LTE custom rom X-Note..no issue...thanks +Chainfire..☆☆☆☆☆
Thanks....keep going with your amazing job!
You solved me a ton of problems with CyanogenMod , thanks for the update
As I said already on another thread: for some people it would be useful if the donation package would be available through the amazon app store. While some people got Amazon Coins and would love to spend them for this. :-)
Thanks. Your work is certainly appreciated.
+Koushik Dutta I've been doing that for a small number of apps as well. It's a neat solution, but not a viable one for every situation/app. Still, you might need to switch contexts beforehand to prevent issues...
+Christian Koch Amazon is being annoying for me as they don't have a presence in my country yet. Perhaps in the future.
Want to update to new SuperSU but really don't want to get stuck in a bootloop mentioned in comments above..Note 3 n900t running X-Note v13 international with CivZ SnapKat kernel & newest Twrp..was reading on xda about restore issues with Twrp & I'm pretty scared to try a restore...anyone have a hltetmo with Twrp having issues with backup & restore? Any feedback would be greatly appreciated
Any of you who lost root with the v1.97 version, please try the v1.98 version - http://download.chainfire.eu/supersu
Can I ask you a question here?
I also lost root in N7.2 (deb) with v1.97, but v1.99 works just fine.
+Chainfire okay. What a pity. Then we have to wait. ☺
I'm looking for any experiences of using Survival Mode, going from JB to KK, specifically, 4.1.2 to 4.4.2. I have read root will survive this update, however, will lose R/W capability...can anyone confirm this, or otherwise?
SuperSu 1.99 install successfully on my MTK 6572 based 4.2.2 stock rom, via cwm 188.8.131.52 . but always request to update su binary on every launch.
I installed supersu too.
Genius ,if the rest of app devs would follow we could see a more efficient running root apks that run or can run executables and or change default values
But, I uninstalled supersu
Great but you have to add a new version for samsung galaxy beam
I have galaxy s4 Mini