05
Sep
icon

These days, it seems like everybody is trying to make Android more secure. As usual, rooting and modding are often casualties of this effort. Just over a month ago Android 4.3 broke the existing model for root, forcing updates to existing methods, and now Samsung is rolling out updated Android 4.2.2 firmwares for the Galaxy S 4 which fully enable the company's heavily secured KNOX environment. Fortunately, Chainfire is already on top of it and has updated his popular root software, SuperSU, to be compatible with the new system.

nexusae0_KNOX

Samsung has been charging full steam ahead on the movement towards corporate security. KNOX is the company's new secure enterprise solution which promises to make "Bring Your Own Device" policies more realistic in the workplace. The new Galaxy S 4 firmwares enable the security features of SELinux and set it to Enforcing mode, versus the formerly enabled Permissive mode which just logged "violations" without preventing them. This appears to be a first for Android, as SELinux has never been put into Enforcing mode on a consumer-level product.

The latest update to SuperSU adds compatibility with Samsung's KNOX / SELinux security restrictions such that root capabilities are still possible. If you are updating your S4 with Samsung's OTAs, you will have to re-root your device, which consequently installs the latest su binary. For anybody else, the updated binary isn't required, so the latest update to the Play Store version of SuperSU will not prompt to install the new binary. Chainfire has been careful to warn everybody that using Mobile ODIN or Triangle Away on KNOX-enabled firmware at this time is basically ensuring the quick demise of your phone, so don't do it.

There is possibly some generally bad news: some apps may not work properly as a result of new limits imposed by SELinux. There are already complaints that a number of root apps aren't functioning properly, and even several regular apps only work if they are reinstalled from scratch. This isn't a problem with SuperSU, but more likely related to changes in the security model employed by SELinux and how it handles stored settings and some app permissions. At this early stage, it's difficult to tell if this can be fixed by simply clearing app data, or actual adjustments to code are required to be more friendly with KNOX.

While the main focus of the SuperSU update was to support Samsung's first incarnation of the new security system, it also fixes problems related to OTA Survival for Android 4.3 users. This should make things a little easier when Google pushes out subsequent updates for our Nexus devices, and eventually the same happens from assorted OEMs.

You can pick up the latest CF-Auto-Root here and the latest flashable SuperSU here.

[Sources: Chainfire 1, 2, 3, XDA]

Cody Toombs
Cody is a Software Engineer and Writer with a mildly overwhelming obsession with smartphones and the mobile world. If he’s been pulled away from the computer for any length of time, you might find him talking about cocktails and movies, sometimes resulting in the consumption of both.

  • http://www.androidpolice.com/ Artem Russakovskii

    <3 Jorrit, his name, and the letters T, O, R, and J. Oh, and Chainfire's a pretty cool chap too.

  • Gnex

    I hope the Verizon Moto X gets rooted soon. sadface

  • Floss

    "some apps may not work properly as a result of new limits imposed by SELinux"

    That is exactly the point of SELinux. You can't scre over the system with one root exploit.

  • Falkor

    Can someone help? I updated to 4.3 and reflashed that CF auto root at the bottom of the post up top, and also downloaded the updated SU and put it on my phone. When I flashed the auto root and reset the phone I was able to use my rooted apps again but the SU app is gone. When I go in to recovery, which is now the stock recovery again, the updated SU fails to load. It seems weird that I can use the rooted apps but don't have the SU app installed. Any ideas?