The final round of Developer Preview images released on Friday left a number of users without root access on their devices, but a lightning fast quick-fix by Chainfire had them back in business the following day. Yesterday, he took to Google+ with a follow-up of how it works and the issues that are making it more difficult to acquire root on the latest version of Android.
Due to increasingly effective security measures and stricter enforcement of SELinux, it seems that many, or possibly all of the available methods for initializing the SuperSU daemon at startup have been rendered ineffective. As part of Chainfire's updated root, custom kernels were posted for the Nexus 5, Nexus 7, and ADT-1 that switch a few SELinux policies to permissive mode so that SuperSU can be run in the correct context after a device boots up. He theorized that it may be possible to automatically patch kernels as part of the installation process, so many devices may not require custom support, but he's still working on this method. However, while flashing a modified kernel usually isn't a deal breaker on any device with an unlocakable bootloader (e.g. a Nexus), it may not be possible to root handsets coming from carriers that don't permit unlocking without some difficult hacks.
Chainfire went on to explain that some root apps, and even a few non-root apps, may have to be updated due to tighter security restrictions on Android 5.0. Most apps should be fine if they aren't attempting to access anything beyond what is generally intended to be possible through the SDK, but there are some additional restrictions, including parts of the filesystem that are now off limits. Chainfire says it will still be possible for root apps to modify SELinux policies to work around many limitations if it's absolutely necessary, but he is leaving as many enabled as possible to keep security intact.
The lesson here is that consumers should stick to buying products with unlockable bootloaders if they care about rooting. As SELinux, Knox, and Android itself continue to close up the holes that hackers might use to violate our devices, they are also making it increasingly difficult to root. Ultimately, we want the best security possible, but some people find that there are still certain things that can't be done within the confines of an unrooted device. Now that it may only be possible to root by modifying the kernel, it seems that unlocking a device will be a requirement going forward.
Source: Chainfire (Google+)