25
Jul
22Oct2007Winds04
Last Updated: July 29th, 2013

It's no surprise that Google's latest update to our favorite operating system is in instant demand amongst power users and enthusiasts. Without fail, the people eagerly installing 4.3 are frequently the same ones who consider root privileges a necessity for a good Android experience. Unfortunately, it seems a wrench has been thrown into the works when it comes to exposing ultimate access, and people are experiencing more than a few hiccups because of it.

For those who have already tried playing this game, you're probably aware that the original superuser app (by ChainsDD) and it's replacement authored by Koush aren't exactly compatible with the latest and greatest version of Android. Fortunately, SuperSU has had some success where other tools have failed, albeit with some complications.

* Update: Chainfire has written a couple of posts to clear up some details and misinformation that has circulated over the last few days.

What's causing so much trouble for would-be rooters? As it turns out, Google has removed a method for imparting extra powers in Android, a change which should help prevent a number of root exploits. With the latest iteration of Jelly Bean, /system is now mounted with the nosuid option, and it appears there is no built-in method to otherwise grant higher privileges. "Zygote processes," which are responsible for executing apps, are now restricted from running setuid root binaries, which includes su. Linux-based operating systems, like Android, divide apps between privileged processes which are free to do virtually anything, and unprivileged processes which have to be granted "capabilities" for certain actions. This system works much like the Android permissions we're all familiar with, but at a much lower level. As of Android 4.3, virtually all of these capabilities have been retracted from the standard "Zygote process" that most apps run in, including the one we care about, CAP_SYS_ADMIN. The side-effect of this change: even apps running as root are still restricted from making several system calls. Chainfire's solution sidesteps this pitfall by acting as a proxy, effectively performing the intended system calls on behalf of root apps. As Koushik Dutta points out, this solution is a workaround, but one that makes sense until another option can be found. As part of Chainfire's latest posts, he acknowledges there are some drawbacks to the current code, but he is working on plans to shore up the implementation now that the changes in 4.3 are official.

Unfortunately, some users are reporting Chainfire's method may not be without its problems - including complaints of 100% CPU utilization and random hangs of the SuperSU app. Complications with some apps like Titanium Backup (solved by changing your backup folder location from /storage/emulated/0/TitaniumBackup to /storage/sdcard0/TitaniumBackup, thanks to Jason Bowers and Chainfire), further issues with writing to /system and /data/local, and apps being granted root but not acknowledging it, are also being reported. [Update] Most issues have been resolved with SuperSU v1.43. To reduce the likelihood of problems, it's strongly suggested that you use TWRP instead of ClockWorkMod (CWM), or uncheck the option to "disable stock recovery flash" in CWM. Also, do not use "avoid system recovery," as it will definitely create issues.

Given the popularity of root apps, it's a safe bet that a permanent solution will emerge fairly soon, whether that means furthering Chainfire's solution or adopting something new. In the mean time, developers of custom ROMs like CyanogenMod are exploring options and might even consider restoring pre-4.3 functionality. For those users who have upgraded to 4.3, Chainfire's SuperSU is currently the only working option.

If you are currently toting a Nexus device, you may also want to check out our guides to installing Android 4.3 and rooting your device (Nexus 4, Nexus 7 (2012), Nexus 7 (2013), Galaxy Nexus (takju/yakju)).

Thanks, Jorrit!

Source: Koushik Dutta, Chainfire 1, 2, 3, Patch Request

Cody Toombs
Cody is a Software Engineer and Writer with a mildly overwhelming obsession with smartphones and the mobile world. If he’s been pulled away from the computer for any length of time, you might find him talking about cocktails and movies, sometimes resulting in the consumption of both.

  • Tony Sarju

    They'll sort it all out soon. They are great at what they do.

  • Christopher Lee

    Don your protective gear and firefighter hats folks. We may have some incoming "GOOGLE Y U NO OPEN" complaints.

    • Guest

      Prepare for troll pics.

  • George Av

    tl'dr :P fuking trains are so bumpy

    • tyguy829

      dafuq?

      • PhoenixPath

        The train bounced a lot, making the text of the article hard to read on his mobile device...

        Not sure why it was easier to post on a bumpy train than to read, but...go figure...

        • tyguy829

          ohhh hahaha i thought he was saying the tl;dr version of the article was "fuking trains are so bumpy"

          • PhoenixPath

            Ah! I should have stuck with that. Much more entertaining!

  • firesoul453

    Google had good reason to do it, still its kinda annoying for us rooters

  • Stephan Sch

    I had / have no issues with root. Flashed the JWR66V version though - not the JWR66N

    http://www.androidfilehost.com/?fid=23050663588004537

    • Dominic

      I love you. This worked! I have spent hours trying to fix the 100% CPU Utilization issue as it has brought my Nexus to a stand still and destroyed my battery life. I kept losing root randomly with the JWR66N version provided by chainfire on Google+, but this absolutely fixed it! All my apps now recognize root, the SU binary was recognized, and no more 100% CPU utilization.

  • Michael Plastina

    Kernel implementation of SELinux?

    • firesoul453

      Whats your question?

      • http://shanked.me/ Shank

        He meant, "is it because of SELinux that this behavior is happening?"

        SELinux is the secure mode that the Linux Kernel operates in to verify the integrity of the operating system and run in a secure manner. I believe it does some things to restrict root access by authenticating all files and processes.

  • PhoenixPath

    Heh...just now noticed that I don't have root after flashing the factory image on my Nexus 10....apparently don't use it nearly as much as I thought I did.

    *shrug*

    It'll probably be fixed before I need it. (Yay!)

    • firesoul453

      I mainly use root for wireless tether, but on a nexus tablet, thats already really non restrictive, not having root doesn't matter much.

      • PhoenixPath

        Heck, haven't even felt the need to throw Nova on there. I might actually be "over" the whole customization thing for a while.

        • mgamerz

          The literal only thing I miss on my nexus 7 (pure vanilla rom) is adblock. That's pretty much the only reason I root these days. Maybe titanium backup if theres an update I'm not going to like. And I guess tasker.

          • Cerberus_tm

            That's three important things already...

          • mgamerz

            Yeah, but those are from my phone. I have my phone rooted. I don't use root tasker functions on my tablet (I suppose I could but I haven't found a use yet), and I haven't really used titanium backup at all on it. So its still really only adblock. But I only use those three root functions on all my devices.

        • Anthony Restaino

          The stock launcher is finally smooth enough with 4.3 IMO

      • Gav456

        I'm forever roming my sensation and find I use root access regularly. I've had my nex7 for over 6 months, never bothered rooting it (mainly so I can still use skyGO) but I don't even miss root. I only used it to drop sense methinks.

  • Cyrill Kunze

    I would prefer an implemantation of sudo directly into android, hidden in the developer options. Works on every linux desktop without affecting the security or noobs going to crash the system. That would be awesome!

    • firesoul453

      Not gonna happen lol. Too many manufacturers and phone carriers would complain

    • Varun Priolkar

      Giving root access over / is not recommended due to firmware files in root. If any app gets root it can brick the device. Add to that the negatives of control over / system
      Giving access over /system is what rooting actually means on android. Giving this access to a malicious application may have dire consequences. This is what windows does by defaul(analogy) on desktop and should be avoided at all costs unless you want malware on your system
      This is how I understand it. I may be wrong though. Got my first android device just days ago

      • Cyrill Kunze

        Thats not correct at all. Sure, you can brick your device or apps can harm your security. But it's far away from your windows example. There is no permanently root access. Thats how it works on every linux desktop without affecting the security: http://en.wikipedia.org/wiki/Sudo
        What supersu does is comparable.

        • Varun Priolkar

          Ah my bad
          So the suid of the application is changed to that of the root right? Isn't that still dangerous If you accidentally give root to a malicious application?

          • Cyrill Kunze

            @Cerberus_tm:disqus You're right. Bricking was the wrong word to describe what I want to say. Boot into recovery to enable will be ok, right. Clear an natively build into android!
            @varunpriolkar:disqus I think there is no accidentally. In the actual supersu app you have also the option to save every root access with your own password on every root request!

        • Cerberus_tm

          Not to mention that you can't brick a device if you still have Recovery and Boot, right. Applications should never be allowed to touch those, and they don't and can't, so I cannot but 100 % agree with you: rooting should be built into Android. But I would prefer if you had to enable it from Recovery or from the boot loader, though. You only need to to it once, and having to boot into recovery is an extra safety step, right?

          • jjohn

            If you were root, you could modify files in recovery as well.

          • Cerberus_tm

            Yes, so what do you mean?

        • mechapathy

          Didn't know sudo was written in Buffalo. Wooo! Buffalooooo! It's like a little nod to my hometown every time I use it.

    • ProductFRED

      It's entirely possible for a rogue program to take control of a Linux system, like any other OS. The reason you don't hear about Linux being "hacked" often is because most consumers rely on Windows, and to an extent, Mac OS X. In other words, it's not "popular enough" for hackers to create viruses, worms, etc for.

      Due to the very personal nature of mobile phones, adding sudo directly into the OS is not such a good idea. Especially when Android phones top the phone market in ownership and usage.

      • Cyrill Kunze

        I know what you want to say but every deskop system include an option to be root, administrator whatever. It's necessary from the ground. And I wouldn't say windows or any other os is per se insecure

        • gierso

          unless you get a rogue USB drive with nasty viruses then its insecure per se :P
          but any way it should be included and then build security around root so only you via a password can use it!

      • SickoPsycho

        I agree- security through obscurity- but also disagree. Linux is inherently more secure than windows for that reason and others. I'll leave osX out of this to keep it short(er)...
        First of all you're right, Linux users are the minority so it would be a lot harder to write an EFFECTIVE virus/worm etc. There are also so many different flavors (distros) of Linux that a virus to FreeBSD might not work on Ubuntu.
        There is only 1 Windows OS (aside from the windows mobile) that just comes in different versions, and vulnerabilities are often left open through the upgrades.
        Another reason Linux is more secure is the fact that users typically do not have administrative privileges off the gate- as opposed to windows where it is rare (nare unheard of) for a user to not have full administrative privileges. With a Linux system you have to escalate your privileges every time you want to make changes that require root access.
        One of the best things that Linux has going for it is the sheer number of people who search out and fix bugs. As an open source OS- it's the community who betters it. If a bug is found it's quickly patched and everyone is happy. That isn't the case with Windows- where a limited number of employees work to fix and fix bugs and release updates seemingly at their leisure.
        Windows does have security features which could put it in the running with windows but these are nearly never implemented by the masses. People get sick of the UAC window and disable it. People don't want to have to go the extra steps to install programs- and will be damned if they have to switch accounts just to take care of some admin tasks.

        Anyway- just my $0.02
        Edit: and I realize it has very little to do with the topic at hand- I just got insulted when I read what you wrote about Linux not being any more secure than Windows. SHEESH. =)

        • ProductFRED

          No, it [Linux] is more secure. I meant that the potential for writing a virus (any, effective or not) is the same.

    • gierso

      it should actually be this way!! instate a sudo password for protection like in linux and that way who wants root uses password and who doesnt simply never input any :)

  • mgamerz

    Secure Settings (plugin for tasker)'s airplane mode toggle doesn't work :(
    but it can modify what airplane mode does...

    Makes my auto airplane mode hard to use :(

  • Varun Priolkar

    Why can't custom roms just revert back the part of code causing all the trouble?

    • blumpkinator

      They can. This applies to using stock 4.3 images from google. Roms based on AOSP are not likely to have this issue.

      • ThomasMoneyhon

        Its for this reason I will patiently wait for 4.3 AOKP for the new nexus 7, my nexus 4, and the 2012 nexus i will be giving to my roommate.

  • http://www.innews.dk/ Erroneus

    Can't get root to work on my Nexus 4. Tried the two different SuperSU versions, which should be working and tried both from TWRP and CWM. Tried with wipe of cache/dalvik, tried using Unroot-UninstallBusybox-CwmManager, no change, so I've given up and waiting for a new SuperSU version, which hopefully works :)

  • firethorn

    The latest update should fix some of the issues including the CPU spike: https://plus.google.com/+Chainfire/posts/Jkuu84odnx6

    For me, it has been working pretty well so far. Chainfire does an awesome job.

  • Heon Jun Park

    Well there is my deal breaker to wait till Devs work everything out...
    I am pretty happy with CM 10.1.2 anyways

  • http://www.androidpolice.com/ Artem Russakovskii

    I love what SuperSU and Chainfire are doing, but I am having a lot of trouble with writing to /system still. Remount errors, I can't copy files into /system, but I can rename files in there. Also can't seem to copy into even /data/local. Really weird stuff on the N4.

    For now, I'm just using the file manager in TWRP, but it's kind of a pain. Anyone know a solution to this?

    https://plus.google.com/u/0/107797272029781254158/posts/btmMoVrsiWf

  • Luna Magalhaes

    Luna

  • jay

    can any one pls ans, is the olleh model note2 SHV-e250k a bootloader locked device,