You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Dec 24, 2023. It is now read-only.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This is a kernel module to provide `/system/xbin/su` to Android Kernel (especially to WSA).
This is the best root solution if hidding is required. When GKI is ready, kernelsu is definitely the next generation of root.
Only works on 4.17+ kernel. For older kernel, you can refer to the [origin repo](https://git.zx2c4.com/kernel-assisted-superuser).
Only works on 4.17+ kernel (both WSA and GKI is 5.0+). For older kernel, you can refer to the [origin repo](https://git.zx2c4.com/kernel-assisted-superuser).
## How it works
- Replace syscall `newfstatat`, `faccessat` and `execve` on `/system/xbin/su` to `/system/bin/sh`
- When `execve` on `/system/xbin/su`, change SELinux to permissive, set all kinds of uids and gids to 0 and permit all capabilities.
## Improvement
- Instead of setting SELinux to permissive, we should set the target process to a permissive context
- Instead of allowing all to access and execute `/system/xbin/su`, we should allow only permitive uid or gid.
- When `execve` on `/system/xbin/su`, change SELinux to permissive, set all kinds of uids and gids to 0 and permit all capabilities
- Set SELinux context `su` to permissive
- Set the selinux context of the current process to `u:r:su:s0`
