Related
THIS IS AN OLD THREAD
Stable releases have moved to the new thread here:
http://forum.xda-developers.com/apps/supersu/stable-2016-09-01supersu-v2-78-release-t3452703
-------------------------------------------------------------
SuperSU is the Superuser access management tool of the future
!!! SuperSU requires a rooted device !!!
SuperSU allows for advanced management of Superuser access rights for all the apps on your device that need root. SuperSU has been built from the ground up to counter a number of problems with other Superuser access management tools.
Features include:
- Superuser access prompt
- Superuser access logging
- Superuser access notifications
- Per-app notification configuration
- Temporary unroot
- Deep process detection (no more unknowns)
- Works in recovery (no more segfaulting)
- Works when Android isn't properly booted
- Works with non-standard shell locations
- Always runs in ghost mode
- Wake on prompt
- Convert to /system app
- Complete unroot
- Backup script to survive CyanogenMod nightlies
- Icon selectable from 5 options + invisible
- Theme selectable from 4 options
- Launch from dialer: *#*#1234#*#* or *#*#7873778#*#* (*#*#SUPERSU#*#*)
NOTE: Not all phones take both codes. On some phones you need to use single *# instead of double *#*#
The Pro version additionally offers:
- OTA survival mode (no guarantees)
- Full color-coded command content logging (input/output/error)
- Per-app logging configuration
- Per-app user override
- Grant/deny root to an app for a set amount of time
- PIN protection
- Per-app PIN protection
- Adjust auto-deny countdown
PROTIP:
For extra performance, disable notifications. Logging does not impact performance much.
Redistribution
Yes, you are allowed to embed the (free, non-Pro) SuperSU apk and su binaries in your own custom ROMs ! As is standard (and done by the attached ZIP), normal is to use /system/app/Superuser.apk for the apk and /system/xbin/su for the binary.
Want to help translate ?
See SuperSU project on GetLocalization ! http://www.getlocalization.com/supersu/
Download:
SuperSU on Google Play (free)
SuperSU *Pro* on Google Play (Pro/donate addon, requires free version)
TWRP / FlashFire installable ZIP:
Stable: http://download.chainfire.eu/supersu-stable
Beta: http://download.chainfire.eu/supersu-beta
Latest: http://download.chainfire.eu/supersu
Note that if you are already rooted, installing through Play is by far the easiest way to install SuperSU !
Issues installing / updating binaries ?
There's a thread for that: http://forum.xda-developers.com/apps/supersu/support-update-failures-t2907365
Education
Want to learn how to use "su" correctly from your own apps ? How-To SU !
ROM Developers
Feel free to include the (free version, unmodified) SuperSU APK in your ROMs. You do not need to ask me for permission to include it.
It would be nice if you would include minor advertisement in your ROM description, such as "Powered by SuperSU", or "Please support SuperSU". This is not a requirement, merely a request.
Who, what, why ?!
As you may know, I make a lot of apps that use or require root. I also release rooted kernels. I run into a lot of issues with existing Superuser tools. More importantly, a lot of my users run into these issues as well and then email me about it. So I decided to do something about this. Doesn't mean these were problems you have ever seen, or will ever see.
And thus, I have written - pretty much from scratch - SuperSU. I have taken the su binary command line parameter parsing from Superuser, to make sure that is compatible. Aside from that, it is completely rewritten, because how I wanted to do a number of things was incompatible with the existing codebase.
This is not a stab at ChainsDD, or his skills. He has done great work and will no doubt continue to do so, however, I felt the need for some of these changes, and thus made them. This is an early release, so I expect there will be some unforseen issues somewhere.
From now on, all CF-Root and Mobile ODIN Pro (EverRoot) releases will be built around SuperSU.
Please note that SuperSU is not hardened-security-tested or reviewed, and may be exploitable (... as may other solutions ...).
Changelogs
Changelogs continued from the previous post ...
26.12.2015 - v2.65
- (systemless) Add /su/xbin to su.img and PATH
- ZIP: Fixed force close issue when custom boot image is used
- ZIP: Reworked remounting (prevents bugged write to r/o /system on flo)
- ZIP: Added warning that first reboot may take a few minutes/loops
20.12.2015 - v2.64 - BETA
- (systemless) Detect more boot image partition names
- (systemless) Blank partitions before writing to them
- (systemless) Ask to restore boot and recovery images on full unroot
- (systemless) Implement "uninstall competing superuser apps"
- (systemless) Samsung: prevent "KERNEL IS NOT SEANDROID ENFORCING" warning
- (systemless) Cleanup system install properly if present, fixes a number of possible bootloops
- ZIP: 6.0+: Detect firmwares that can reload sepolicy from /data and use system-based root on these ("allow init kernel:security { load_policy }")
- supolicy: Additional SELinux patches for M (reduced logging only)
- Update translations
10.12.2015 - v2.62 - BETA
- (systemless) Do not attempt to patch fstab symlinks
- (systemless) Implement feature to en/disable Superuser
- (systemless) Poor man's overlay on /system/xbin for compatibility reasons (hopefully temporary) [BINDSYSTEMXBIN]
- (systemless) ZIP: Add reading setup variables from /system/.supersu and /data/.supersu
- (systemless) ZIP: Add option to patch /system to rw in fstab [FSTABSYSTEMRW]
- (systemless) ZIP: Added call to custom patcher script, if any (/data/custom_boot_image_patch.sh)
-2 (systemless) ZIP: Fix calling wrong script name for custom patcher script
-2 (systemless) ZIP: Improve APK overwrite
-3 (systemless) ZIP: Do not move backups from /cache to /data, just copy them
07.12.2015 - v2.61 - BETA
- (systemless) Fix kernel partition detection for some Intel devices
- (systemless) Added warning not to allow TWRP to install its own SuperSU version
- (systemless) Wipe /data/security/ on flash
- (systemless) Simplified kernel partition detection
- (systemless) Added /system cleanup if needed, /data cleanup always
- (systemless) Fix fstab verity removal for devices that do not list partition in the option
- Full unroot: set partition read/write before writing to it
- ZIP: Silence many error message writing to TWRP's recovery log
- ZIP: Added more documentation to the script
05.12.2015 - v2.60 - BETA
- (systemless) Fixed ZIP installer breaking Pro
- (systemless) Added automatic kernel patcher to ZIP installer
- (systemless) Added sukernel tool
- (systemless) Bind mount /system/[x]bin/su to /su/bin/su
- (systemless) Fixed cleanup options in settings
- (systemless) Now available for 5.1.x (by default for Samsung only, full unroot/reflash system before update)
- Made reworked context switching available to 5.1.x (testing, should come to more APIs soon)
- Fixed recursive mount issue on Samsung 5.1.x that could ultimately lead to root being lost
30.10.2015 - v2.56 - BETA
- Support for systemless su binary locations
10.10.2015 - v2.52 - BETA
- Adjusted more policies for M
- Fixed an issue with reading logs on M
- Reworked --context/--cn parameter (testing, currently M only, should eventually move to all APIs)
08.10.2015 - v2.51 - BETA
- Add support for x86 PIE binaries
06.10.2015 - v2.50 - BETA
- Fixed tapjacking protection not working < 4.4.3 (AOSP issue 54193)
- Updated libsupol headers
- armv5/x86 binaries now NDK built instead of AOSP
- supolicy adjustments for Samsung 5.1.1
- Removed extra donation feature
- Toybox support
28.04.2015 - v2.49 - BETA
- Fixed some audits on 5.x (found on S6)
02.04.2015 - v2.48 - BETA
- TWRP/M9 issue fixed
02.04.2015 - v2.47 - BETA
- Improved King removal
- Detect 'OEM' (bad) TWRP
13.02.2015 - v2.46
- Backupscript adjustments
- Remove more alternate su binaries
20.01.2015 - v2.45
- Installer adjustments
- Backupscript adjustments
- Updated language files
07.01.2015 - v2.44 - BETA
- su.d scripts no longer use logwrapper, this can prevent some scripts from running
- supolicy timing adjustment (MotoG 2014 fix?)
03.01.2015 - v2.43 - BETA
- Backuptool script adjusted again
- Fix native NPE in username resolution
- Fix some update failures when coming from a different root tool on 5.0
- LD_PRELOAD sanitization
- (C) 2015
21.12.2014 - v2.42 - BETA
- Fix rootfs remount issue that could lead to strange behavior on (for example) HTC M7 and M8
- Backuptool support for /system/su.d
- Some policy adjustments for CM12
17.12.2014 - v2.41 - BETA
- Improved dumpstate work-around
- Improved killing dead per-uid daemonsu
- Backuptool support for Lollipop
16.12.2014 - v2.40
- /system/su.d now executed for all daemonsu firmwares
- Adjust sysinit context if present
- Updated language files
10.12.2014 - v2.39 - BETA
- Skip reverse connection watch on firmwares using supolicy (SGS5 5.0 fix?)
- Fixed daemonsu not starting on truly permissive Lollipop
- Adjust daemonisation code
- Small L theme adjustments
- Updated language files
07.12.2014 - v2.38 - BETA
- Watch for and kill dead per-uid daemonsu (SGS5 5.0 fix?)
- Fix crash on clearing logs on 2.x
- Fix possible NPE on open
- Fix possible NPE on en/disable root
- Moved additional donations to the bottom of settings
- Small L theme adjustments
01.12.2014 - v2.37 (Gingerbread? )
- Binary update requires less space on /system
- Updated language files
28.11.2014 - v2.36
- Use material theme on 5.0 when launched from settings
- Fixed crash on 2.x and 3.x devices
- Fixed TWRP installer issue for 4.2
- Updated language files
27.11.2014 - v2.35 - RELEASE NOTES
- Fix mount namespace separation somtimes being disabled
- Donations via IAPs (user request)
25.11.2014 - v2.30 - BETA - RELEASE NOTES
- Layout adjustments for Nexus Player
- Installer adjustments for latest TWRPs
- Hiding icon now also hides from Leanback launcher
- Icon replacements
- ACCESS_SUPERUSER permission is gone
20.11.2014 - v2.27 - BETA - RELEASE NOTES
- 3rd generation app_process hijack
19.11.2014 - v2.24, v2.25 - BETA - RELEASE NOTES
- Updated policy patches
17.11.2014 - v2.23 - BETA - RELEASE NOTES
- Add PID tracer (--id) option to su
- Updated policy patches
16.11.2014 - v2.22 - BETA
- Fixed double refresh icon in logs in Holo theme (one should be delete)
- Add option to stop asking about disabling KNOX
- Updated backuptool script
- Disallow root access via daemonsu
- Updated policy patches
- Added kernel patching support
- API >= 19: run /system/su.d/* after SELinux policy patched
- Hide OTA survival option on L, not currently supported
- Adjust app title based on Pro status
- Fix disconnected daemonsu process gobbling up CPU
- More L theming
05.11.2014 - v2.19 - BETA
- Fixed various issues with 64-bit
- Fixed various issues with 5.0 path handling
- Fixed notifications sometimes showing up, even when disabled
- More L theming
04.11.2014 - v2.18 - intermediate Nexus9 version only
- Fixed various issues with 64-bit
- Apps fragment logs area hidden and refreshed automatically
- More L theming
31.10.2014 - v2.17 - BETA - RELEASE NOTES
- Fix inifinite loop caused by forced language change
- Fix SIGSEGV in daemonsu on sugote close with non-pty STDIN
- Clear app's data directories after full uninstall - https://code.google.com/p/android-developer-preview/issues/detail?id=531
- supolicy now linked dynamically
- setprop supolicy.loaded 1, and execute /system/xbin/supolicy_post.sh after supolicy runs at system boot
- Allow SuperSU GUI to be used without an up-to-date binary
- More L theming
25.10.2014 - v2.16 stable-ish
- Fix UID based grants being forgotten on reboot
- Fix display names of some edge cases (excluding in logs), and prevent these from being forgotten on reboot
- Various theme options added
- Added some basic material theming for L (no backport to 4.x), now default
- Automatic restart app if theme changed
- Automatically restart app if language is changed
- Fixed multilanguage support on L
23.10.2014 - v2.15 - BETA
- Fix sugote crash (NDK builds only) (cause for endless loading on apps/logs tab)
- Fix binary detection if switched from enforcing to permissive after boot
- Fix supolicy requirement < 19, not used there (yet)
15.10.2014 - v2.14
- Moved up PIE, MIPS and ARMV7 support from 4.1+ to 4.2+, fixes installer issues on 4.1 with OTA survival enabled
(fixes a number of binary update issues)
10.10.2014 - v2.13 - RELEASE NOTES
- Improved support for Android TV (adjusted icon, disable some features, use device default theme by default, etc)
- Updated language files
05.10.2014 - v2.12 - BETA
- Parse UID names to numbers manually if the system fails to do it
- Fix system user not gaining root even if "trust system user" enabled
- Transition to init context if started in init_shell context (if possible)
- Adjust boot sequence for encrypted devices
- Support MCS for -cn/--context switch
- Silence a larger number of audits on latest AOSP/L
- Many small changes to fix support for latest AOSP/L
- Secondary users are no longer able to change trust system or respect CM settings
25.09.2014 - v2.11 - BETA
- Fixed several errors in the binary updater related to both SELinux and 64-bit binaries
- Added experimental supolicy binary
24.09.2014 - v2.10 - BETA
- Fix root access being forgotten for apps interested in overlay hide notifications
- Check for removed apps at boot, and forget their settings if re-authentication is enabled
- Amazon Appstore support
- Updated language files
19.09.2014 - v2.09 - BETA
- Remove APK restriction to install to ARM and X86 only (issue for MIPS)
- Adjust recovery binary installer (some commands may have failed in 2.08)
- Notify interested apps (with root granted) when overlays need to be hidden
12.09.2014 - v2.08 - BETA
- Transition to init context if started in kernel context
- Experimental builds for armeabi-v7a, arm64-v8a, x86-64, mips, mips64
- Fixed erroneous fd close that could cause su session freezes
08.09.2014 - v2.06 - BETA
- Fixed occasional freezes and wrong exit code in sugote
02.09.2014 - v2.05 - BETA
- Remove busybox dependency in TWRP/CWM binary updater
- Fixed missing sugote-mksh in backupscript
- Fixed install script wiping out SuperSU Pro
- Added option to disable mount namespace separation
19.08.2014 - v2.04 - BETA
- Fix bug where grant as default access still showed a prompt
- Added reboot button in dialog after binary update
- Added tapjacking protection - may cause issues with screen dimming apps!
- Added removing Team Venom SU
- Added new dalvik-cache paths to clear on package maintenance
07.08.2014 - v2.03 - BETA
- Fix exitcode sometimes being wrong when full content logging is enabled
- Fix automatic OTA survival
27.07.2014 - v2.02 - RELEASE NOTES
- Fix internal zygote crashes on L preview
- Fix issues with L preview when SELinux set to permissive
- Fix un/reinstall of apps causing a UID mismatch, causing auto-deny
- Added notification telling user when binary needs to be updated
- Updated language files
30.06.2014 - v2.01 - RELEASE NOTES
- Update normal, TWRP/CWM, and CF-Auto-Root installers for changes in "L" preview (no binary update)
18.06.2014 - v2.00
(includes all v1.98 and v1.99r1/2/3/4/5 changelogs)
- Fixed issue in CWM/TWRP binary updater
- Update backuptool script for sugote
- Fixed binary detection issue on 4.2.2 and older
- Fixed context switch issue that could prevent confirmation popups from showing
- Fixed some installer issues
- Fixed an in-app update issue
- Further updates for new AOSP changes
- Fix prompt dialog timer display
- Prevent prompt dialog closing when tapping outside window
- Requests are automatically denied after 10 seconds if the screen is not unlocked
- Fixed property access on 4.2.2 and older
- Fixed busybox-related version detection issue (busybox symlinking FTL)
- Fixed occasional automatic refresh of displayed logs not happening
- Added toast display of silently denied apps during screen-off (notifications enabled, HoneyComb+)
- Fixed case where u:r:system_server:s0 context did not work (sugote-mksh added)
- Tapping outside of popup dialogs no longer closes them
- Fixed boot complete detection
- Default for respect CM root settings is now false
- Updated language files
18.05.2014 - v1.97 - RELEASE NOTES
- Massive implementation changes for next version of Android (devs: see How-To SU update and G+ post)
- Permissive SELinux installs now also use non-system mksh by default
- Fixed current working directory sometimes not being copied
- Fixed rare issue that could lead to high CPU use
- Fixed a few binary update failure causes
- Some special cases of failed binary update are now auto-corrected at boot
- Hardcode shell commands to toolbox instead of symlinks
- Updated language files
27.03.2014 - v1.94
- Fix FC for latest Note2 and S5 firmwares
06.02.2014 - v1.93 - RELEASE NOTES
- Add --mount-master option to su binary
- Fix for am crash (no GUI popups) when daemonsu started from an exceptionally early init.d
- Improved terminal support (changing dimensions)
- Remove daemonsu STDOUT/STDERR noise
- Cleaned custom process names
- Updated language files
20.01.2014 - v1.91
- New -cn/--context parameter for su binary (devs: see How-To SU update)
- Handle mksh being switched out for sh
- Daemon forces new session immediately at launch (moved up)
- Fixed reading dynamic properties on 4.4 (update ASAP if 4.4 user)
- Fixed issue where root wasn't granted on CM
- Updated language files
10.01.2014 - v1.89 (non-Play)
- Add support for Samsung 4.4
- Update copyright notices to 2014
17.12.2013 - v1.86
- Fixed non-priv root on some SELinux/Enforcing devices
- Fixed crash on credit display on older devices
- Updated language files
15.12.2013 - v1.85
- Fix su to non-root user on 4.3+
- Fix su permission reset on 4.4 (will not be an issue until Samsung comes out with stock 4.4 ROMs)
- Fix am crash due to external storage not being defined
- App now offers to install backup script if ROM supports it
- Expand trust system setting to include all higher-than-shell users
- Added credits display
- Completely removed nag capability
- Lots of code changes
26.11.2013 - v1.80
- Fixed x86 breakage
- Workaround x86 (bionic) credential checking failure
- Fixed ZIP oddities that may break installation
- Binary now denies root if PIN code set previously but GUI not present
- Su during boot behavior is now configurable (allow if no GUI installed)
- Renamed temporary internal shell
- Added question to disable KNOX popups if present
- Added option to enforce ACCESS_SUPERUSER permission
- Fixed some devices losing root
20.11.2013 - v1.75
- Added xxxhdpi icons (if available)
- Fixed issues with sd-ext based ROMs
- Updated language files
17.11.2013 - v1.72 BETA
- Fixed OTA survival 4.3 --> 4.4
- Fixed unresponsive tabs on 2.x devices
- Fixed white flicker when using dark theme
- Fixed issue with language resetting on some firmwares
- Fixed upgrading from CWM SU to SuperSU on 4.3+ without reboot
- Added mgyun root (vroot) uninstall procedure
- Added xxhdpi icons (if available)
- Stop touching .has_su_daemon
- Several dozen security hardening commits (mini-audit by Kevin Cernekee)
13.11.2013 - v1.69
- XBIN mode (some new roots need this)
- Slightly adjusted binary installer
- Backup script installation now available for all backuptool-capable ROMs
- Fixed su-ing to a non-root user not working on some 4.3+ firmwares
- Fixed BOOTCLASSPATH vulnerability (CVE-2013-6774)
- Fixed notification sanitization vulnerability (CVE-2013-6775)
- Fixed possible closed special files vulnerability
- Updated language files
10.09.2013 - v1.65
- Brought back ARMv5 compatibility
- Fixed compatibility issues with Android 2.x
- Updated language files
- ZIP: combined ARM+x86 support
05.09.2013 - v1.60
- Added SELinux+Enforcing compatibility (for new SGS4 ROMs)
- Fixed (newest) CWM versions asking you question that break root if answered wrongly
- Fixed issue with the TWRP/CWM binary installer
- Fixed 4.3 OTA survival looping
31.08.2013 - v1.55
- 4.3: Reworked OTA survival - should work properly now, and no longer causes OTA errors (also: +i removed from install-recovery)
- Daemon: client ENV is now provided to su'd calls
- Updated language files
29.07.2013 - v1.51
- Some 4.3 time-handling code caused problems on < 4.3 devices, making some root apps stop working
29.07.2013 - v1.50
- Daemon: proper storage mounts
- Daemon: per-uid mount namespace
- Daemon: another exitcode issue fix
- Daemon: adjusted reload code
- Daemon: descriptive process names
- GUI: added reboot advisory after binary update
- ARCH: Only ARMv7 and X86 are now supported, ARMv5 dropped
- ZIP: install also to install-recovery.sh and init.d
27.07.2013 - v1.45
- Daemon: fixed exitcode not always being passed from child shell to calling process
- Daemon: fixed possible credential check bypass
- GUI: now also updates install-recovery.sh
25.07.2013 - v1.43
- Daemon: code/security mini-audit by Joshua J. Drake
- Daemon: cwd is now respected
- Daemon: auto-daemon feature
- Deamon: fixed cpu spike issue
- Daemon: symlinks sdcard (temporary)
- TWRP-based update: fixed script error
- GUI: Added 4.3 update notice
- GUI: Removed full content logging global warning
- Updated language files
04.07.2013 - v1.41
- Fixed issue with TiBu in daemon mode
- Updated language files
03.07.2013 - v1.39
- Fixed full content logging with terminal apps
- Logs now use monospace fonts
- Added daemon mode for hard-to-root firmwares
15.06.2013 - v1.34
- Fixed various problems when accessibility options are enabled
- Fixed NPE in log screen
- Updated language files
07.06.2013 - v1.32
- Fixed bug in detection ACCESS_SUPERUSER permission
- Updated language files
21.05.2013 - v1.30
- Updated binary to work on some newer Samsung firmwares
- Nagging has done its job for now - disabled again
- Added backup script and CWM SU files to full unroot file removal
- Added option to remove other superuser apps
- Updated languages files
03.03.2013 - v1.25
- Fixed permission display on Play
- Fixed crash on open and immediate close
- Ask again time choice is now remembered per-app
- Updated language files
28.02.2013 - v1.20
- Added basic tablet theme
- New prompt activity for >= API 14 (Android 4.0)
- Changed default theme+icon to light+emblem (you can change it back in settings, if you want)
- Fixed custom dialog box themes in light+darkactionbar theme
- Fixed issues with the light theme
- Various minor modifications to UI
- Several security improvements
- Added TWRP/CWM binary installer
- android.permission.ACCESS_SUPERUSER - detection and display (disabled by default, see settings)
- Fixed process name detection issue
- Freeloader option (I'm not sure this is staying, so enjoy it while you can)
- Internal refactoring
- Updated language files
23.02.2013 - v1.10
- Added support for x86 devices
- Added basic multi-user support
- Language files updated
20.02.2013 - v1.05
- Fixed possible issue with OTA survival
- Fixed su binary notification freeze issue when suid bit lost
- Fixed background root command freeze when suid bit lost
- Improved su binary version and root presence detection
- Added cleanup stage (detected when needed) before converting to system app, to prevent settings loss
- Language files updated
02.01.2013 - v1.04
- PIN code now survives uninstalling Pro (vuln. fix)
- Fixed pm freeze in logs/settings (USB debugging)
- Fixed various util freezes (convert to system, uninstall) (USB debugging)
- Fixed minor UI text issues
- Language files updated
31.01.2013 - v1.03
- Fixed pm crash in logs/settings
- Reduce nag frequencey to 10%
- Add NoNag APK
- Language files updated
30.01.2013 - v1.02 - NOTES ON DUMPSTATE (click)
- Fixed (another) crash on icon change on Android versions older than 4.0.3
- Launch SuperSU through secret codes: *#*#1234#*#* and *#*#7873778#*#* (*#*#SUPERSU#*#*). Not all phones take both codes. On some phones you need to use single *# instead of double *#*#
- Update su binary parameter parsing to add Google-naive style params
- Dumpstate blacklist
- Language files updated
29.01.2013 - v1.01
- Fixed crash on icon change on Android versions older than 4.0.3
- Adjusted (un)installer code to remove .odex files and remove dalvik caches
- Adjust default icon in manifest
- Dumpstate no longer goes into infinite loop (dumpstate shouldn't kill phone anymore, but this has not fixed dumpstate being triggered - workaround !)
- Language files updated
- Adjusted update ZIP to remove .odex files, overwrite OTA survival binary, remove dalvik caches
28.01.2013 - v1.00 - RELEASE NOTES (click)
- Icon now selectable from 5 options, or hide completely from launcher (see note)
- Theme now selectable from 4 options
- (Pro) Added option to grant/deny with a timer (hold grant/deny button in popup for two seconds)
- Added option to convert to system app
- Added option to trust system user without confirmation
- (Pro) Added option to adjust auto-deny countdown
- (Pro) Added option to PIN protect on a per-app base
- Added option to auto-refresh apps/logs tab
- Fixed "ask again" being forgotten
- CyanogenMod: Added to option to respect/ignore DevOptions --> Root Access setting
- CyanogenMod: Added option to install addon backup script (survive update flashes)
- Fixed 7" tablets now use (improved) large PIN panel
- Free space detection issue work-around (may fix a number of binary installation failures)
- Alternate remount method (may fix binary installation issues on Android 2.x)
- Updated su binary parameter parsing
- Updated su binary to add user-related environment variables
- Adjusted cleanup and copyright texts
- Fixed autoclose upon cleanup complete
- Faster preference text loading
- Faster settings tab fragment instantiation
- Reworked native debug logging
- Reworked shell detection, now includes /system/bin/mksh fallback
- Adjustments that may reduce problems for S-ON users
- Added nag message to non-Pro (with option to disable)
- Language files updated
...
* to start hidden SuperSU from ADB shell with root rights: am start -a android.intent.action.MAIN -n eu.chainfire.supersu/.MainActivity
04.12.2012 - v0.99
- More Android 4.2 related fixes
- Disabled text correction on labels
- Updated languages
14.11.2012 - v0.98
Preliminary update for Android 4.2's multi-user capabilities.
Only the main user can run the UI and gain root access.
Secondary user's apps will not be granted root, nor can
those users change SuperSU configuration.
This is all temporary. Proper multi-user support is being
worked on.
Note that if a non-user process (like ADB shell) needs to
prompt for root, that prompt will always appear on the
MAIN user's screen !
Click to expand...
Click to collapse
29.10.2012 - v0.97
- Fixed issue with modified AOSP su binary
- Fixed wrong translation crashing app on toast
- Fixed possible exploit (preventive)
- Modified system and shell user - no longer granted root by default
- Added "ADB shell" display
- Added warning to selecting full content logging
- Added method for apps to disable (by default only) full content logging if known to be problematic (<meta-data android:name="eu.chainfire.supersu.meta.contentlogging.problematic" android:value="true" />, see How-To SU)
- Updated languages
29.08.2012 - v0.96
- Fixed occasional issue with OTA
- Fixed possible exploit (preventive)
22.08.2012 - v0.95
- Fixed action bar icon sizes
- Fixed a few JellyBean-related issues
- Added automatic binary updated during boot if needed and possible
- New logo/icons
- Updated languages
16.07.2012 - v0.94
- Fixed possible NPE crash at startup
- Fixed possible ANR freeze at boot
- Fixed possible ANR freeze at package removal
- Fixed crash with too many logfiles (auto-empties logs!)
- Updated various internal functions to be async
- Updated chattr version (fixes some instances of root loss)
- Added "clear logs" action to actionbar in logs tab
- Updated languages
03.07.2012 - v0.93
- Fixed a possible delay issue (receiver deadlock)
- Updated languages
21.06.2012 - v0.92
- Fixed app detail spinners becoming invisible
- Fixed app detail button layout (diff. for port/land)
- Fixed log detail crash at rotate
- Fixed language override stick at display rotation
- Fixed display of languages without countries in override
- Fixed potential low space installation issue
- Fixed icon rearrange issue (except when low on space)
- Updated languages
18.06.2012 - v0.91
- Fixed root permission check (OTA survival)
- Fixed a number of possible installation failures
- Fixed language detection crash issue
- Added multilanguage support (27 languages and counting)
11.06.2012 - v0.90
- Fixed various texts
- Fixed various crash issues
- Fixed various non-response issues
- Fixed possible security issue
- PIN code now requires verification before changing
- Added title and navigation to log detail activity
07.05.2012 - v0.89
- Fixed stay-on-top issue
- Fixed possible exploit
- Improved security
23.04.2012 - v0.88
- Fixed a number of performance issues
- Added re-authentication option
- Apps now sorted alphabetically
- Voodoo OTA Root Keeper backup removed at binary install
26.03.2012 - v0.87
- Fixed an issue with several apps re-requesting root
- Fixed a number of reported crashes
- Fixed a few ANRs
26.03.2012 - v0.86
- Fixed a cleanup issue
26.03.2012 - v0.85
- Fixed issue if root is disabled during update
25.03.2012 - v0.84
- Modified OTA survival behavior - re-enable this setting if needed !
- Modified SH search order
- Modified backup shell location
- Added cleanup for reinstallation option
- Added cleanup for switching superuser app option
- Added cleanup for full unroot option
- If the APK is not installed, root is always granted
17.03.2012 - v0.83
- Fix command not visible
- Fix zombie process freeze
- Fix zombie process cleanup
- Fix -c followed by multiple parameters
- Fix high cpu load issue
- Fix STDIN closed relay
- Fix log display bug
- Fix swipe empty tabs
- Improved swipe behavior
- Added app title
- Added refresh button
14.03.2012 - v0.80
- Reversed swipe direction
- Adjusted touch response
- Adjusted request queueing
- Adjusted time counter
- Non-prompt notifications now async
- Permissions auto-removed if an app is uninstalled
12.03.2012 - v0.78
- Adjusted prompt-on-boot behavior
- Adjusted request serialization
- Added swiping between tabs
- Fixed force user setting
- Pro: fixed faulty SuperSU restored message
10.03.2012 - v0.75
- Adjustment to OTA survival (better!)
- Slight speedup in Settings
- Fixed native settings update after temp-re-root
- Clear data no longer clears PIN code
- Layout: Prompt: Grant and Deny switch positions (ICS style)
- Layout: AppDetail: Save and Cancel switched positions (ICS style)
- Layout: Added xlarge PIN layout
10.03.2012 - v0.74
- Proper command escaping
- Fixed inifinite loop
- Fixed notification broadcast (should fix all freezing issues)
09.03.2012 - v0.73
- Fixed su binary detection problem
- Fixed two FC's in settings
- Disabled some debug stuff that was left enabled in v0.72
09.03.2012 - v0.72
- Minor adjustments to install script
- Fixed issue with really old SU version detection
09.03.2012 - v0.71
- Fix permission problem due to faulty installation
- Added error message if device is not yet rooted
- Cancelling binary update now closes app
09.03.2012 - v0.70
- Initial public release
Changelogs
01.10.2017 - v2.82 - SR5 - RELEASE NOTES
- suinit: Fix (flashed) TWRP 3.1.1 compatibility on Pixel (XL)
- FBE: allow FBE devices to boot unencrypted (unless KEEPFORCEENCRYPT is set)
18.09.2017 - v2.82 - SR4 - RELEASE NOTES
- ZIP: Fix an incompatibilty with CFAR
- ZIP: Fix slot detection breaking if no /vendor present
- ZIP: If unmounting fails, retry lazily
- sukernel: Fstab patch: fix case where verify removal could break slotselect
- sukernel: Adjust system_root cpio import
- sukernel: Detect and use stock boot image backups created by other tools
- supolicy: Add some Oreo policies
- suinit: Fix boot case where bootloader unexpectedly doesn't enforce dm-verity
13.08.2017 - v2.82 - SR3 - RELEASE NOTES
- sukernel: Fix external sdcard issue on Samsung devices running custom ROMs
- launch_daemonsu: Abort if su binaries missing
- ZIP: Fix FlashFire compatibility in SBIN mode
- SBIN: Add /sbin/supersu/bin and /sbin/supersu/xbin to PATH (root shells only)
- SBIN: Fix policies for /sbin-based services
- SBIN: Fix /sbin-based symlinks not always properly resolving
- ZIP: Add support for bzip2/lz4/lzo/lzma/xz compressed kernels and ramdisks (lz4 @ 1.5.0 format)
08.08.2017 - v2.82 - SR2 - RELEASE NOTES
- ZIP: Support order-swapped /etc/recovery.fstab
- ZIP: Cope with /system being a symlink to /system_root/system
- suinit: Fix remount /system r/w issue on Pixel(XL)+OPreview
- sukernel: Fix pre-patched ramdisk detection for reduced system_root footprint
- ZIP+suinit: Fix recovery going to ramdump on Pixel(XL)
- Added "BIND SBIN" mode, mounts files in /sbin instead of /su, stores files directly in /data instead of su.img (new default for O+)
- Systemless: all file contexts are restored at boot, see /path/to/su/mount/file_contexts
09.06.2017 - v2.82 - SR1 - RELEASE NOTES
- ZIP: Detect AVB signature on input boot image, and sign output image accordingly (force with SIGNBOOTIMAGE, custom keys in /tmp/avb)
- ZIP: Samsung/7.0+: if /data is not currently encrypted, disable encryption (unless KEEPFORCEENCRYPT or REMOVEENCRYPTABLE are set)
- ZIP: Detect TWRP UI slot switch (Pixel/XL: 3.1.0-RC2+)
- ZIP: Further improve /system device detection
- ZIP: Support compiling sepolicy from split CILs
- ZIP: Kernel patch: support LZ4 compressed kernels (new format only)
- ZIP: Mount /vendor
- ZIP: Add /vendor/lib[64] to LD_LIBRARY_PATH
- ZIP: Initial Pixel+ODP2 support
- ZIP+APK: Fixes in boot partition detection
- sukernel: Allow cpio-add of 0-byte files
- sukernel: Add dtb (in-kernel only) related features
- suinit: Improve logging
- suinit: Support pre-mounting /system and /system_root (ODP2+)
- sukernel+suinit+ZIP: Reduce system_root footprint by dynamically importing entries at boot
- supolicy: Adjustments for ODP3
28.05.2017 - v2.82 - Work-In-Progress / TEST-1
- supolicy: Newer libsupol version used
- su: Fix sdk parameter not always being passed to supolicy in system mode
26.05.2017 - v2.82 - CCMT - RELEASE NOTES
- su: Fix su.d scripts running in the wrong mount context (introduced by ODP sdcardfs fix)
- CCMT: Remove Feedback screen and associated permissions
(v2.81 == v2.79 SR3 with patched version code)
24.05.2017 - v2.80 - CCMT
- CCMT: Update language files
- CCMT: Update guide screen
- CCMT: Update privacy policy screen
- CCMT: Updater: remove 4.3 and 5.0 specific upgrade messages, replace with generic; and detect if root must be manually updated
- CCMT: Add feedback screen
- CCMT: Drop support for Android 2.1 and 2.2. Minimum is now 2.3 (SDK 9, up from 7)
11.04.2017 - v2.79 - SR5 - Not publicly released
- su: Update mount namespace separation code to improve sdcardfs compatibility
- su: Fix kernel panic on ODP1/2 on 5X/6P
- su: Fix ODP1 compatibility on Pixel (XL)
- launch_daemonsu: Revert previous ODP1 work-around
- sukernel: Add option to patch out optional /data encryption (encryptable)
- suinit: cleanup /boot
- ZIP: Get boot image from fstab last-effort
- ZIP: Add REMOVEENCRYPTABLE flag to force disable encryption on newer Samsung firmwares
23.03.2017 - v2.79 - SR4 - RELEASE NOTES - ODP1/6P/5X only
- ZIP: Fix slow /dev/random on some devices, apparently freezing install at "Creating image"
- ZIP: Fix LD_LIBRARY_PATH for hex-patch execution
- supolicy: Fix applying deferred allow rules
- supolicy: Fix setting impossible XPERM causing policy corruption
- supolicy: Add policies for ODP1
- launch_daemonsu: Work-around kernel panic on ODP1 on 5X/6P. Forces service mode for ODP1 on all devices.
14.01.2017 - v2.79 - SR3 - RELEASE NOTES
- Fix erroneously deleting SuperSU's copy of app_process on 6.0 since 2.79-SR1
- GUI: Fix app_process requirement detection when supersu context used
- Fully eliminate sugote binary, no longer needed due to SELinux handling improvements in earlier versions
- Support /system/xbin/sush as default shell
- Adjust LD_PRELOAD filtering to exclude suhide's libraries
- ZIP: Motorola: default to systemless mode
03.01.2017 - v2.79 - SR2 - RELEASE NOTES
- supolicy: fix some segfaults(NPEs) in pre-7.0 sepolicy handling
- ZIP: write boot block device once instead of twice (@_alexndr)
- (c) 2017 + CCMT
22.12.2016 - v2.79 - SR1 - RELEASE NOTES
- Expand Samsung detection
- GUI: reworked portions to work with 'supersu' context on 7.0+
- GUI: fix binary update notice when superuser disabled by user in some cases
- su: reworked portions to work with 'supersu' context on 7.0+
- su/GUI: improve responsiveness when device busy on 7.0+
- sukernel: fix cpio restore failure with very short filenames
- sukernel: no longer patches file_contexts(.bin)
- sukernel: revert force seclabel (no longer needed with 'supersu' context)
- supolicy: add "create", "auditallow", "auditdeny" policy commands
- supolicy: support "*" for permission/range parameter of "allow", "deny", "auditallow", "auditdeny", "allowxperm" policy commands
- supolicy: --live/--file no longer apply default patches if custom patches are supplied
- supolicy: --sdk=X option added (required for 7.0+)
- supolicy: reworked all SELinux rules for 7.0+, run as 'supersu' context
- ZIP: Separate slotselect and system_root logic
- ZIP: Adjust system/system_root device and mount-point detection
- ZIP: Fix minor errors in documentation
- ZIP/frp: Explicitly label /su
15.12.2016 - v2.79 - CCMT
- CCMT: Change "Upgrade to Pro" button color
30.11.2016 - v2.78 - SR5 - RELEASE NOTES
- Fix shell-based scripts/services possibly not being executed on 7.x firmwares
- Add SecurityLogAgent to Samsung KNOX detection
- sukernel: force seclabel
15.11.2016 - v2.78 - SR4 - RELEASE NOTES
- sukernel: improve FBE detection
- suinit: TWRP compatibility on slot-based systems
- ZIP: TWRP compatibility on slot-based systems
03.11.2016 - v2.78 - SR3 - RELEASE NOTES
- Fix 'Full Unroot' on slot-based systems
- sukernel: replace system symlink with bind mount
- sukernel: add missing slot check for system_root import
- sukernel: fix ramdisk backup segmentation fault
- supolicy: adjust priv_app policy to be able to call su
- launch_daemonsu: adjust su.img size detection
- ZIP: improve loop device setup
- ZIP: add factory reset protection (FRP variable, default if slots used)
29.10.2016 - v2.78 - SR2 - RELEASE NOTES
- File-based-encryption support
- CCMT: Add privacy policy dialog
- CCMT: Update translation files
- su+gui: support /system_root paths
- sukernel: add kernel binary extract/replace
- sukernel: add kernel cmdline extract/replace
- sukernel: add system_root import
- sukernel: add slot-kernel patch
- sukernel: support /boot paths
- suinit: new binary component
- launch_daemonsu: restructure to support /su in initramfs or system_root
- ZIP: Support systemless on 5.0 (requires 3rd party patches)
- ZIP: Support for A/B slot systems with / inside system partition
15.09.2016 - v2.78 - SR1 - RELEASE NOTES
- subinary: Adjust app_process detection with manipulated mount namespaces
- subinary: Adjust Zygote PID detection to prefer 64-bit
- subinary: Fix possible NPE in LD_PRELOAD sanitization
- subinary: In systemless mode, ensure PATH contains /su/bin and /su/xbin
- supolicy: Ensure zero-on-alloc for new rules
- supolicy: Fix parsing allowxperm with multiple sources/targets in a single definition
- ZIP/Systemless: Give su.d 60 seconds to execute (from 4 seconds)
01.09.2016 - v2.78 - CCMT
- CCMT: Change default icon from Emblem to Material
- CCMT: Update detection activity
- CCMT: Update guide activity
- CCMT: Update translation files
27.08.2016 - v2.77 - BETA - RELEASE NOTES
- ZIP/Systemless: Support for hexpatches (Note7)
- ZIP/Systemless: Additional logging in daemonsu launcher script
05.07.2016 - v2.76
- Clear logs now asks for confirmation
- Fixed memory leak that could ultimately lead to reboots or root not working
- Fixed an issue that might have causes root loss on temporary unroot
- ZIP/Systemless: /data/su.img resized from 32M to 96M, to make sure enough space is available for systemless modes such as xposed
- ZIP/Systemless: launch daemon on post-fs-data, if supported by device (6.0+, fallback to service)
- CCMT: Added guide screen for new users
19.05.2016 - v2.74-2 - BETA - RELEASE NOTES
- supolicy/sukernel: Prevent security updates to SELinux from being applied
- sukernel: backup and restore modified ramdisk files, to be able to re-root if boot image backup got lost
- ZIP: Only show TWRP warning on TWRP v2.x
10.05.2016 - v2.72 - BETA - RELEASE NOTES
- Add support for ChromeOS boot images (Pixel C)
- supolicy: Fix logging to logcat for some processes on some firmwares
- supolicy: Fix fsck of /data/su.img being denied on some firmwares
- ZIP: Add LESSLOGGING flag
- ZIP: Add KEEPVERITY flag
- ZIP: Add KEEPFORCEENCRYPT flag
- ZIP: Also read flags from /cache/.supersu (aside from /data/.supersu and /system/.supersu)
31.03.2016 - v2.71 - BETA
- Massive speed improvement in handling permissive domains
- N/RC/BETA merged with normal BETA release
14.03.2016 - v2.70 - BETA RC - RELEASE NOTES
- Rewrote re-enabling root after temp-disable
- supolicy: Improve permissive domain handling
- N: Disable forced encryption
- N: Fix remounting /system for some apps (relatime becomes noatime for ro mounts)
- ZIP: call users scripts without setting LD_LIBRARY_PATH
13.03.2016 - v2.69 - BETA RC - RELEASE NOTES
- su: Escape from audit-based safe mode
- supolicy: Update to new v30 sepolicy format
- supolicy: Add support for special case M sepolicy format
- supolicy: Add support for XPERM rules
- sukernel: Add support for binary version of file_contexts
- ZIP: Create mount point in ramdisk instead of script
- ZIP: Add support for binary version of file_contexts
- BINDSYSTEMXBIN: Now disabled by default
- launch_daemonsu: Perform fsck before mounting
28.02.2016 - v2.68 - BETA - RELEASE NOTES
- su: Add -mns/--mount-namespace option
- su: Fix issue with sdcard on Note4/5.1
- sukernel: Fix issue where writing to /dev could truncate early at 64k barriers
- supolicy: Fix logcat issue on Omni/CM/etc
- supolicy: Disable AUDITDENY entries, to make debugging easier for devs
- supolicy: Extend fake-permissive to work with new Samsung firmwares
- ZIP: Fix TWRP log truncating and screen output on installs embedded in other ZIPs
- ZIP: Improve loopback device setup handling
- ZIP: Add PERMISSIVE flag
- ZIP: Move variable reading to after /system and /data have been mounted
- ZIP: Added call to custom patcher script, if any (/data/custom_ramdisk_patch.sh)
- ZIP: chmod 0751 /su/bin
21.01.2016 - v2.67 - BETA
- (systemless) Improved deep sleep fix for Samsung 5.1+
- (systemless) Added fallback method to mounting /su on system boot
- supolicy: fix bug copying system_server capabilities to init
- supolicy: replaced transitions: copy capabilities and attributes, silence audits
- supolicy: work-around shell-based services being executed as undefined_service on Samsung 5.1+
- sukernel: refuse to patch ChromeOS boot image
- FSTABSYSTEMRW: flag removed; worked around remount /system r/w issue
- ZIP: improved handling of loop devices
- ZIP: detect boot image partition being a symlink to a file on /data, and skip wipe if so
- Updated translation files
03.01.2016 - v2.66 - BETA
- (systemless): Add deep sleep fix for Samsung 5.1+
- supolicy: Adjust Samsung 6.0 init shell
- ZIP: Patch recovery SELinux policy
- ZIP: Improve su.img mounting
Changelogs continue in the next post ...
(reserved)
Nice, I shall be updating my version
Sweet dude
Awesome update !
Will SuperSU be able to manage the su binary included on a userdebug build of AOSP? Or does SuperSU download its own binary?
Thanks
crachel said:
Will SuperSU be able to manage the su binary included on a userdebug build of AOSP? Or does SuperSU download its own binary?
Click to expand...
Click to collapse
SuperSU uses it's own binary.
Can I just say this is badass !!! Just saying !!
Chainfire said:
SuperSU uses it's own binary.
Click to expand...
Click to collapse
can i remove existing SU app from my ROM and install this one? or do i have to keep both of them?
After flashing this, though i have granted the permissions, still apps say that, it did not get the permissions for root access and the screen just stays blank!
grgsiocl said:
can i remove existing SU app from my ROM and install this one? or do i have to keep both of them?
Click to expand...
Click to collapse
You can remove the existing SU app, SuperSU is a full replacement, binary and APK.
Thanks. Cool
Small update to v0.71. Primarily to fix a freak installation issue I had on one of my devices.
Temporary unroot and apps
Will this work around the problem of purchased Google movies that won't play because the app checks for root? Also with Google Wallet now checking for rooted devices I wanted to see if this was a true work around.
Thanks The Great ChainFire!
p.s. how can i remove the original superuser on my device? i cant find it on titanium backup?
thanks!
edit: i removed it!
rolandroland said:
Will this work around the problem of purchased Google movies that won't play because the app checks for root? Also with Google Wallet now checking for rooted devices I wanted to see if this was a true work around.
Click to expand...
Click to collapse
I'm not sure about movies (they are not available in my country) but I know wallet checks a number of things... your build.prop fingerprint must be correct, you may not have /system/app/Superuser.apk present (the CWM ZIP installs this!) and no "su".
It can work with SuperSU, but it's tricky.
Thank you sir for this! I will probably be buying the pro version but I know this is just the initial release of this app. It would be nice to get a workaround for video's. I tried ghost mode on superuser and it still wouldn't let me play movies. They have it locked down lol.
Looks excellent, going to give it a shot.
Great app, thank very much. Gone pro happily
Just a quick report. All is well other than having removed Superuser (and rebooted), I checked all my rooted apps for functionality and they were all fine except one. When I checked I was still able to adjust autostart permissions using Gemini App Manager, I was informed that 'Superuser' had to be installed for the app to work. I reinstalled Superuser (in addition to SuperSU) and the problem went away.
Thanks again!
After a bit of tinkering and some insight from Chainfire and imoseyon i was finally able to get SuperSU working on AOSP roms without being permissive or having to use Chainfire's prebuilt sepolicy
sepolicy patch is here: https://github.com/PureNexusProject...mmit/0f5072de4580a5db7348917e77e4c1c35d3e3c1a
Stickied.
sorry to be that guy, but how does this affect the average joe?
does it mean theres going to be a new version of supersu with this or does this mean that custom rom makers can use this patch to make there roms not need the the custom boot.img?
WarningHPB said:
sorry to be that guy, but how does this affect the average joe?
Click to expand...
Click to collapse
It doesn't, this is for ROM devs only, they know what to do with this.
Chainfire said:
It doesn't, this is for ROM devs only, they know what to do with this.
Click to expand...
Click to collapse
Welcome back! Hope you had a good break.
Chainfire said:
Stickied.
Click to expand...
Click to collapse
Thanks after including this in my AOSP builds i have noticed a few things, certain "root" app still dont function and get selinux denials. i originally had noticed this with logcat extreme. i was getting read and write denials on logd so i did an audit2allow on my sepolicy and came up with the following allow
Code:
#============= logd ==============
allow logd init:fifo_file { read write };
i did a quick google search on this and came up with https://gist.github.com/poliva/fc5b7402bde74be27518 which is apparently an sediff of your sepolicy, which is heavily modified beyond just what i had for supersu to work in enforcing for aosp roms. so i guess my real question is do us "AOSP" devs have to update our sepolicys with these 300+ additions to get all current root apps working or is this something that you can overcome in an update to SuperSU.
thanks in advance :good:
BeansTown106 said:
Thanks after including this in my AOSP builds i have noticed a few things, certain "root" app still dont function and get selinux denials. i originally had noticed this with logcat extreme. i was getting read and write denials on logd so i did an audit2allow on my sepolicy and came up with the following allow
Code:
#============= logd ==============
allow logd init:fifo_file { read write };
i did a quick google search on this and came up with https://gist.github.com/poliva/fc5b7402bde74be27518 which is apparently an sediff of your sepolicy, which is heavily modified beyond just what i had for supersu to work in enforcing for aosp roms. so i guess my real question is do us "AOSP" devs have to update our sepolicys with these 300+ additions to get all current root apps working or is this something that you can overcome in an update to SuperSU.
thanks in advance :good:
Click to expand...
Click to collapse
There is no such thing now as "all current root apps working".
If SuperSU's deamon can be launched, and it can in turn launch the supolicy tool, most of the rules from the diff will be modified by SuperSU as needed.
What your patch needs to do (and you have already done) is make sure SuperSU can be launched in the right context, and can modify the sepolicy. You do not need to implement those 300+ additions - it will be done at boot automagically.
As for those additions themselves, they are primarily needed to:
- make sure SuperSU can work, internal communications between the different processes and such
- make processes running as the "init" context (where root apps run by default) as powerful as possible
- specifically "allow" a number of things that would otherwise still work, but would be logged (everything that starts with "allow init" or "allow recovery")
Now, even with the above, still not everything works out of the box. Everything that goes from "init" to "non-init" context should already work, but going from "non-init" context to "init" may not. In your example case, we go from "logd" to "init", which isn't specifically allowed. Often apps can be fixed to work around an issue such as this.
Generally speaking, the solution is not to fix the source sepolicy or the supolicy tool, the solution is for the "logcat extreme" app to run the following at launch (as documented in How-To SU):
Code:
supolicy --live "allow logd init fifo_file { read write }"
In this specific case, maybe it could be added to supolicy, it depends on what exactly generates the audit. If it's a simple logcat command, it's a candidate for inclusion. The problem might even be solved by switching contexts rather than modifying any SELinux policies. But that is something for the app developer to figure out.
In either case, it is not something you need to fix in the AOSP patches. Those already do what they need to do.
Since they started doing SELinux Enforcing though, the policies in AOSP have generally been a tad stricter than on retail devices (this was specifically the case during 4.4 days). This may lead to you sometimes having to add/remove a rule manually somewhere that was not added to SuperSU yet. It could happen, but it's unlikely, probably temporary, and it probably should not go into this AOSP patch.
A note on pof's sediff, I'm not sure it was done cleanly, as I see some modifications in there that are not done by supolicy. Either way, such a post is informative, not leading, as supolicy may do more or less modifications depending on various runtime variables (such as Android version). Additionally, due to context names and availabilities changing between Android versions, any rule modification referencing a context not available in the to-be-patched sepolicy will not be applied, and thus will not show up in an sediff.
@BeansTown106
Have you checked by any chance if this patch is enough to allow 2.61 (systemless) to work still ?
Chainfire said:
@BeansTown106
Have you checked by any chance if this patch is enough to allow 2.61 (systemless) to work still ?
Click to expand...
Click to collapse
thanks for the description above now i understand. have never developed a root app so i had not read that part of how to su, but it makes perfect sense that the root apps would handle the denials live via your supolicy
as for system less root i have not tried that yet but i will give it a shot tonight, and report back, i know some people in my ROM thread have used system less root. but i am not sure if you had packaged your sepolicy in the install script for 2.61+ and if it is overwriting mine in the kernel, if that is the case i will modify the installation to not patch the sepolicy and see if it works with my pre compiled one based on the source above
Starting 2.64, I think this addition to init.te is all that is needed:
Code:
allow init kernel:security load_policy;
Confirmation needed though. The original patch will also work with 2.64, and the ZIP installer should default to /system installation mode.
Of course, this also requires that /system isn't verified by dm-verity, and init reloads sepolicy from the standard /data/security/current location.
the link in OP its no longer working...
Also in CM13 tree we have:
Code:
# Reload policy upon setprop selinux.reload_policy 1.
# Note: this requires the following allow rule
# allow init kernel:security load_policy;
and over my builds have no problem with SuperSU system less...
Chainfire said:
Starting 2.64, I think this addition to init.te is all that is needed:
Code:
allow init kernel:security load_policy;
Confirmation needed though. The original patch will also work with 2.64, and the ZIP installer should default to /system installation mode.
Of course, this also requires that /system isn't verified by dm-verity, and init reloads sepolicy from the standard /data/security/current location.
Click to expand...
Click to collapse
will build and test with only load policy enabled, is this for system, and systemless root?
danieldmm said:
the link in OP its no longer working...
Also in CM13 tree we have:
Code:
# Reload policy upon setprop selinux.reload_policy 1.
# Note: this requires the following allow rule
# allow init kernel:security load_policy;
and over my builds have no problem with SuperSU system less...
Click to expand...
Click to collapse
updated link, so your saying systemless supersu works with no selinux modifications?
BeansTown106 said:
updated link, so your saying systemless supersu works with no selinux modifications?
Click to expand...
Click to collapse
Over my builds yes, no issues at all in cm13, although my kernel it's in permissive mode. Maybe it's why it works all good?
Enviado do meu A0001 através de Tapatalk
danieldmm said:
Over my builds yes, no issues at all in cm13, although my kernel it's in permissive mode. Maybe it's why it works all good?
Enviado do meu A0001 através de Tapatalk
Click to expand...
Click to collapse
that is why, these patchs are to allow you to run in enforcing
I dont know if a should post here this question: there is any way to fix this problem with the rom already installed?
Thanks
Garzla said:
I dont know if a should post here this question: there is any way to fix this problem with the rom already installed?
Thanks
Click to expand...
Click to collapse
Try the following. It works for me when needed...
http://forum.xda-developers.com/showthread.php?t=3574688
Thank you for your work!
Link in OP its no longer working...
Is there any actual guide how to add SU directly to AOSP build. I have found bits and pieces but those are mainly 4.x releases.
I'm using Android M release and quite much struggling to get it working.
I have tried to make SU default on AOSP 6.0 by using this guide.
http://forum.khadas.com/t/gapps-and-su-on-soc/118/3
I'm using user build and enabled selinux permissive on that.
i have made also ro.secure=0 ro.debuggable=1 and security.perf_harden=0 (Not sure if needed)
I have also modified to change the su permissions in fs_config.c
I managed to get this work so that when flashing rom SuperSu ask for updating su binary and after that su works.
but i then cleaned work area to verify build by deleting out dir and recompiled. No go anymore.
Why it's so hard to add su by default on AOSP rom. I woud like to have it by default so i would not need to do any tricks everytime i flash new rom.
It reminds me of Korean dramas ,
THIS IS CURRENTLY NOT WORKING
A newer version is available here: https://forum.xda-developers.com/apps/supersu/suhide-lite-t3653855
suhide is an experimental (and officially unsupported) mod for SuperSU that can selectively hide root (the su binary and package name) from other applications.
Pros
- Hides root on a per-app base, no need to globally disable root
- Doesn't need Xposed
- Even supports SuperSU's ancient app compatibility mode (BINDSYSTEMXBIN)
- Passes SafetyNet attestation by default on stock ROMs (last officially tested on 2016.10.07)
Cons
- Ultimately a losing game (see the next few posts)
- No GUI (at the moment) - Unofficial GUI by loserskater
Requirements
- SuperSU v2.78 SR1 or newer (link)
- SuperSU installed in systemless mode
- Android 6.0 or newer
- TWRP (3.0.2 or newer, with access to /data - link!) or FlashFire (link)
Xposed
Xposed is not currently officially supported, but if you want to use it directly, you must be using @topjohnwu 's systemless xposed v86.2 exactly (attached at the bottom). It seems to mostly work during my non-extensive testing, but there are still some performance issues (both boot-time and run-time). Proceed with caution, expect bootloop.
Alternatively, there are some reports that the latest Magisk version + the latest systemless xposed (for Magisk) also works. I have not personally tested this.
CyanogenMod
I've personally tested with CM13 on i9300 without issue, however, several users are reporting it doesn't work for them. Proceed with caution, expect bootloop. Also, aside from just flashing SuperSU, you need to make sure /system/bin/su and /system/xbin/su are removed, or CM's internal root will still be used.
Usage
Install/Upgrade
- Make sure you have the latest SuperSU version flashed in systemless mode
- Make sure you are using the latest TWRP or FlashFire version
- Remove any and all Xposed versions
- If you have been having issues, flash suhide-rm-vX.YY.zip first, and note that your blacklist has been lost.
- Flash the attached suhide-vX.YY.zip
- If you are upgrading from suhide v0.16 or older, reflash SuperSU ZIP, and note that your blacklist has been lost.
- Optionally, flash the Xposed version linked above, and pray
At first install SafetyNet is automatically blacklisted.
If you have just flashed a ROM, it is advised to let it fully boot at least once before installing suhide.
Uninstall
- Flash the attached suhide-rm-vX.YY.zip. The version may appear older, the uninstall script doesn't change very often.
Blacklisting an app
You need the UID (10000 to 99999, usually 10xxx) of the app, which can be tricky to find, or the process name. There may be a GUI for this at some point.
(Note that all commands below need to be executed from a root shell)
If you know the package name, ls -nld /data/data/packagename will show the UID - usually the 3rd column.
Similarly, for running apps, ps -n | grep packagename will also show the UID - usually the 1st column.
Note that the process name is often the same as the package name, but this is not always the case. UID is more reliable for identifying a specific app, and it is also faster than blocking based on process names.
When you know the UID or process name:
Add to blacklist: /su/suhide/add UID or /su/suhide/add processname
Remove from blacklist: /su/suhide/rm UID or /su/suhide/rm processname
List blacklist: /su/suhide/list
All running processes for that UID or process name need to be killed/restarted for su binary hiding. For SuperSU GUI hiding, the device needs to be restarted. I recommend just (soft-)rebooting your device after making any changes.
Please keep in mind that many apps store their rooted state, so you may need to clear their data (and then reboot).
Integration into SuperSU
This mod isn't stable, and probably will never be (see the next few posts). As SuperSU does aim to be stable, I don't think they're a good match. But who knows, it all depends on how things progress on the detection side.
Detections
This mod hides the su binary pretty well, and does a basic job of hiding the SuperSU GUI. The hiding is never perfect, and suhide itself is not undetectable either. This will never be a perfectly working solution.
Debugging bootloops
- Get your device in a booting state
- Make sure you have TWRP or a similar recovery
- Install LiveBoot (link)
- If you are not a LiveBoot Pro user, enable the Freeload option
- Enable the Save logs option
- Recreate the bootloop
- In TWRP, get /cache/liveboot.log , and ZIP+attach it to a post here.
Download
Attached below.
Any rm version should work to uninstall any suhide version.
There may be multiple versions of suhide attached, please look carefully which one you are downloading!
YOU ARE EXPLICITLY NOT ALLOWED TO REDISTRIBUTE THESE FILES
(pre-v0.51: 17410 downloads)
Hiding root: a losing game - rant du jour
Most apps that detect root fall into the payment, banking/investing, corporate security, or (anit cheating) gaming category.
While a lot of apps have their custom root detection routines, with the introduction of SafetyNet the situation for power users has become worse, as developers of those apps can now use a single API to check if the device is not obviously compromised.
SafetyNet is of course developed by Google, which means they can do some tricks that others may not be able to easily do, as they have better platform access and control. In its current incarnation, ultimately the detection routines still run as an unprivileged user and do not yet use information from expected-to-be-secure components such as the bootloader or TPM. In other words, even though they have slightly more access than a 3rd party app, they still have less access than a root app does.
Following from this is that as long as there is someone who is willing to put in the time and effort - and this can become very complex and time consuming very quickly - and SafetyNet keeps their detection routines in the same class, there will in theory always be a way to beat these detections.
While reading that may initially make some of you rejoice, this is in truth a bad thing. As an Android security engineer in Google's employ has stated, they need to "make sure that Android Pay is running on a device that has a well documented set of API’s and a well understood security model".
The problem is that with a rooted device, it is ultimately not possible to guarantee said security model with the current class of SafetyNet tamper detection routines. The cat and mouse game currently being played out - SafetyNet detecting root, someone bypassing it, SafetyNet detecting it again, repeat - only serves to emphasize this point. The more we push this, the more obvious this becomes to all players involved, and the quicker SafetyNet (and similar solutions) will grow beyond their current limitations.
Ultimately, information will be provided and verified by bootloaders/TrustZone/SecureBoot/TIMA/TEE/TPM etc. (Samsung is already doing this with their KNOX/TIMA solutions). Parts of the device we cannot easily reach or patch, and thus there will come a time when these detection bypasses may no longer viable. This will happen regardless of our efforts, as you can be sure malware authors are working on this as well. What we power-users do may well influence the time-frame, however. If a bypass attains critical mass, it will be patched quickly.
More security requires more locking down. Ultimately these security features are about money - unbelievably large amounts of money. This while our precious unlocked bootloaders and root solutions are more of a developer and enthusiast thing. While we're all generally fond of shaking our fists at the likes of Google, Samsung, HTC, etc, it should be noted that there are people in all these companies actively lobbying to keep unlocked/unlockable devices available for us to play with, with the only limitation being that some financial/corporate stuff may not work if we play too hard.
It would be much easier (and safer from their perspective) for all these parties to simply plug that hole and fully lock down the platform (beyond 3rd party apps using only the normal APIs). Bypassing root checks en masse is nothing less than poking the bear.
Nevertheless, users want to hide their roots (so do malware authors...) and at least this implementation of suhide is a simple one. I still think it's a bad idea to do it. Then again, I think it's a bad idea to do anything financial related on Android smartphone that isn't completely clean, but that's just me.
Note that I have intentionally left out any debate on whether SafetyNet/AndroidPay/etc need to be this perfectly secure (most people do their banking on virus ridden Windows installations after all), who should get to decide which risk is worth taking, or even if Google and cohorts would be able to design the systems more robustly so the main app processor would not need to be trusted at all. (the latter could be done for Android Pay, but wouldn't necessarily solve anything for Random Banking App). While those are very interesting discussion points, ultimately it is Google who decides how they want this system to work, regardless of our opinions on the matter - and they want to secure it.
--- reserved ---
Changelogs
2016.10.10 - v0.55 - RELEASE NOTES
- Some code cleanup
- Support for blocking based on process name
- Should fix some crashes (requires uninstall/reinstall to activate)
2016.10.07 - v0.54 - RELEASE NOTES
- Fix for latest SafetyNet update
2016.09.19 - v0.53 - RELEASE NOTES
- Haploid container (monoploid)
2016.09.18 - v0.52 - see v0.51 release notes below
- Fix root loss on some firmwares
2016.09.18 - v0.51 - RELEASE NOTES
- Complete redesign
- Zygote proxying (haploid)
- Binder hijacking (diploid)
- su.d instead of ramdisk modification
- Xposed supported (-ish)
2016.09.04 - v0.16 - RELEASE NOTES
- Fix some SELinux access errors
- Should now work on devices that ask for a password/pattern/pin immediately at boot - for real this time!
- Binderjacking improvements for Nougat
2016.08.31 - v0.12 - RELEASE NOTES
- Fix some issues with suhide-add/rm scripts
- Fix not working at all on 32-bit devices
- Should now work on devices that ask for a password/pattern/pin immediately at boot
- Rudimentary GUI hiding
- No longer limited to arm/arm64 devices: support for x86/x86_64/mips/mips64 devices added
2016.08.29 - v0.01
- Initial release
As always thank you Chainfire! I will try and edit this post.
Edit @Chainfire this seems to work for enabling Android Pay! I didn't get the chance to actually pay yet. But it did let me add my card and did not display the message about a failed authorization of Android check! Before I couldn't even get past that first screen.
Edit 2: @Chainfire It seems to of had an adverse effect on Snapchat. I cleared cache on the app, uninstalled and reinstalled and restarted. It kept Force closing after a photo no matter what. I used suhide-rm and it seems to have fixed the app from any issues. Thanks again and hopefully we'll get you some more reports. Either way your solution works!
Tested on stock rooted 7.0 Nexus 6p.
@Chainfire
What was your reason for doing this project?
Sent from my Nexus 6P using XDA-Developers mobile app
Ofthecats said:
What was your reason for doing this project?
Click to expand...
Click to collapse
For building it, curious if the method I came up with would work well. For releasing, if others are doing it, join them or be left behind.
I'm assuming with custom ROM android pay still won't work right?
HamsterHam said:
I'm assuming with custom ROM android pay still won't work right?
Click to expand...
Click to collapse
I'd just give it a try. It's spoofing the specific app, not the entire ROM that matters. It's fairly simple to try.
Installed on LG G4 w/ V20g-EUR-XX update and rerooted with TWRP 3.0.2-0 and SuperSU-v2.76-2016063161323. seems to be working fine, for the moment. Thank you for the update.
So far so good, I was able to add card to android pay. I would try using it during lunch and report back. Again, thanks for the continuous hard work.
djide said:
So far so good, I was able to add card to android pay. I would try using it during lunch and report back. Again, thanks for the continuous hard work.
Click to expand...
Click to collapse
What was the UID or process you found to blacklist it with?
Sent from my ONEPLUS A3000 using Tapatalk
how to install it? which file should I flash ? Both?
I can't see to add an app using terminal.
I'm typing in
/data/adb/suhide-add 10284
Says file not found. Can someone help, cheers.
Joshmccullough said:
What was the UID or process you found to blacklist it with?
Click to expand...
Click to collapse
Android Pay comes blacklisted out-of-the-box
HamsterHam said:
I can't see to add an app using terminal.
I'm typing in
/data/adb/suhide-add 10284
Says file not found. Can someone help, cheers.
Click to expand...
Click to collapse
Are you in Android or TWRP ?
ls -l /data/adb/
Chainfire said:
Android Pay comes blacklisted out-of-the-box
Click to expand...
Click to collapse
Derp. That's what I get for not reading the entire sentence under 'Install' in the OP......thanks!
PedroM.CostaAndrade said:
how to install it? which file should I flash ? Both?
Click to expand...
Click to collapse
Please don't quote a large post like that just to ask a single question.
Please read the first post, so you know what to do.
OnePlus 2 here, stock 6.0.1, systemless rooted with SuperSU Pro v2.76, flahed using Flashfire.
Passes SafetyNet check, does not pass my bank's root check, propably for the reasons the OP states above.
thdervenis said:
OnePlus 2 here, stock 6.0.1, systemless rooted with SuperSU Pro v2.76, flahed using Flashfire.
Passes SafetyNet check, does not pass my bank's root check, propably for the reasons the OP states above.
Click to expand...
Click to collapse
You need to blacklist the UID for your bank. Directions are in the OP.
{
"lightbox_close": "Close",
"lightbox_next": "Next",
"lightbox_previous": "Previous",
"lightbox_error": "The requested content cannot be loaded. Please try again later.",
"lightbox_start_slideshow": "Start slideshow",
"lightbox_stop_slideshow": "Stop slideshow",
"lightbox_full_screen": "Full screen",
"lightbox_thumbnails": "Thumbnails",
"lightbox_download": "Download",
"lightbox_share": "Share",
"lightbox_zoom": "Zoom",
"lightbox_new_window": "New window",
"lightbox_toggle_sidebar": "Toggle sidebar"
}
Welcome to the Magisk Release / Announcement thread!
For all up-to-date info and links, please directly check Magisk's GitHub PageInstallation
Download count of previously XDA hosted files: 25,490,945
v1: 8746 v2: 2251 v3: 3790 v4: 1220 v5: 2914
v6: 138838 v7: 119744 v8: 116796 v9: 203836 v10.2: 215176
v11.1: 573322 v11.6:438886 v12.0: 3263706
1300: 274438 1310: 1018692 1320: 403556 1330: 1844372
1350: 39188 1360: 69874 1400: 4456314
1410: 11512 1420: 112020 1437: 247988 1455: 30652
1456: 253042 1468: 85978 1500: 434572 1510: 460120
1520: 927436 1530: 218164 1531: 3143686 1540: 97368
1600: 6043710 1610: 87628 1620: 140382
Changelog
Magisk
v20.3
- [MagiskBoot] Fix lz4_legacy decompression
v20.2
- [MagiskSU] Properly handle communication between daemon and application (root request prompt)
- [MagiskInit] Fix logging in kmsg
- [MagiskBoot] Support patching dtb/dtbo partition formats
- [General] Support pre-init sepolicy patch in modules
- [Scripts] Update magisk stock image backup format
v20.1
- [MagiskSU] Support component name agnostic communication (for stub APK)
- [MagiskBoot] Set proper header_size in boot image headers (fix vbmeta error on Samsung devices)
- [MagiskHide] Scan zygote multiple times
- [MagiskInit] Support recovery images without /sbin/recovery binary. This will fix some A/B devices unable to boot to recovery after flashing Magisk
- [General] Move acct to prevent daemon being killed
- [General] Make sure "--remove-modules" will execute uninstall.sh after removal
v20.0
- [MagiskBoot] Support inject/modify mnt_point value in DTB fstab
- [MagiskBoot] Support patching QCDT
- [MagiskBoot] Support patching DTBH
- [MagiskBoot] Support patching PXA-DT
- [MagiskInit] [2SI] Support non A/B setup (Android 10)
- [MagiskHide] Fix bug that reject process names with ":"
- [MagicMount] Fix a bug that cause /product mirror not created
v19.4
- [MagiskInit] [SAR] Boot system-as-root devices with system mounted as /
- [MagiskInit] [2SI] Support 2-stage-init for A/B devices (Pixel 3 Android 10)
- [MagiskInit] [initramfs] Delay sbin overlay creation to post-fs-data
- [MagiskInit] [SARCompat] Old system-as-root implementation is deprecated, no more future changes
- [MagiskInit] Add overlay.d support for root directory overlay for new system-as-root implementation
- [MagiskSU] Unblock all signals in root shells (fix bash on Android)
- [MagicMount] Support replacing files in /product
- [MagiskHide] Support Android 10's Zygote blastula pool
- [MagiskHide] All random strings now also have random length
- [MagiskBoot] Allow no recompression for ramdisk.cpio
- [MagiskBoot] Support some weird Huawei boot images
- [General] Add new "--remove-modules" command to remove modules without root in ADB shell
- [General] Support Android 10 new APEX libraries (Project Mainline)
v19.3
- [MagiskHide] Hugely improve process monitor implementation, hopefully should no longer cause 100% CPU and daemon crashes
- [MagiskInit] Wait for partitions to be ready for early mount, should fix bootloops on a handful of devices
- [MagiskInit] Support EROFS used in EMUI 9.1
- [MagiskSU] Properly implement mount namespace isolation
- [MagiskBoot] Proper checksum calculation for header v2
v19.2
- [General] Fix uninstaller
- [General] Fix bootloops on some devices with tmpfs mounting to /data
- [MagiskInit] Add Kirin hi6250 support
- [MagiskSU] Stop claiming device focus for su logging/notify if feasible
This fix issues with users locking Magisk Manager with app lock, and prevent
video apps get messed up when an app is requesting root in the background.
v19.1
- [General] Support recovery based Magisk
- [General] Support Android Q Beta 2
- [MagiskInit] New sbin overlay setup process for better compatibility
- [MagiskInit] Allow long pressing volume up to boot to recovery in recovery mode
- [MagicMount] Use proper system_root mirror
- [MagicMount] Use self created device nodes for mirrors
- [MagicMount] Do not allow adding new files/folders in partition root folder (e.g. /system or /vendor)
v19.0
- [General] Remove usage of magisk.img
- [General] Add 64 bit magisk binary for native 64 bit support
- [General] Support A only system-as-root devices that released with Android 9.0
- [General] Support non EXT4 system and vendor partitions
- [MagiskHide] Use Zygote ptracing for monitoring new processes
- [MagiskHide] Targets are now per-application component
- [MagiskInit] Support Android Q (no logical partition support yet!)
- [MagiskPolicy] Support Android Q new split sepolicy setup
- [MagiskInit] Move sbin overlay creation from main daemon post-fs-data to early-init
- [General] Service scripts now run in parallel
- [MagiskInit] Directly inject magisk services to init.rc
- [General] Use lzma2 compressed ramdisk in extreme conditions
- [MagicMount] Clone attributes from original file if exists
- [MagiskSU] Use ACTION_REBOOT intent to workaround some OEM broadcast restrictions
- [General] Use skip_mount instead of auto_mount: from opt-in to opt-out
v18.1
- [General] Support EMUI 9.0
- [General] Support Kirin 960 devices
- [General] Support down to Android 4.2
- [General] Major code base modernization under-the-hood
v18.0
- [General] Migrate all code base to C++
- [General] Modify database natively instead of going through Magisk Manager
- [General] Deprecate path /sbin/.core, please start using /sbin/.magisk
- [General] Boot scripts are moved from <magisk_img>/.core/<stage>.d to /data/adb/<stage>.d
- [General] Remove native systemless hosts (Magisk Manager is updated with a built-in systemless hosts module)
- [General] Allow module post-fs-data.sh scripts to disable/remove modules
- [MagiskHide] Use component names instead of process names as targets
- [MagiskHide] Add procfs protection on SDK 24+ (Nougat)
- [MagiskHide] Remove the folder /.backup to prevent detection
- [MagiskHide] Hide list is now stored in database instead of raw textfile in images
- [MagiskHide] Add "--status" option to CLI
- [MagiskHide] Stop unmounting non-custom related mount points
- [MagiskSU] Add FLAG_INCLUDE_STOPPED_PACKAGES in broadcasts to force wake Magisk Manager
- [MagiskSU] Fix a bug causing SIGWINCH not properly detected
- [MagiskPolicy] Support new av rules: type_change, type_member
- [MagiskPolicy] Remove all AUDITDENY rules after patching sepolicy to log all denies for debugging
- [MagiskBoot] Properly support extra_cmdline in boot headers
- [MagiskBoot] Try to repair broken v1 boot image headers
- [MagiskBoot] Add new CPIO command: "exists"
v17.3
- [MagiskBoot] Support boot image header v1 (Pixel 3)
- [MagiskSU] No more linked lists for caching su_info
- [MagiskSU] Parse command-lines in client side and send only options to daemon
- [MagiskSU] Early ACK to prevent client freezes and early denies
- [Daemon] Prevent bootloops in situations where /data is mounted twice
- [Daemon] Prevent logcat failures when /system/bin is magic mounting, could cause MagiskHide to fail
- [Scripts] Switch hexpatch to remove Samsung Defex to a more general pattern
- [Scripts] Update data encryption detection for better custom recovery support
v17.2
- [ResetProp] Update to AOSP upstream to support serialized system properties
- [MagiskInit] Randomize Magisk service names to prevent detection (e.g. FGO)
- [MagiskSU] New communication scheme to communicate with Magisk Manager
v17.0/17.1
- [General] Bring back install to inactive slot for OTAs on A/B devices
- [Script] Remove system based root in addon.d
- [Script] Add proper addon.d-v2 for preserving Magisk on custom ROMs on A/B devices
- [Script] Enable KEEPVERITY when the device is using system_root_image
- [Script] Add hexpatch to remove Samsung defex in new Oreo kernels
- [Daemon] Support non ext4 filesystems for mirrors (system/vendor)
- [MagiskSU] Make pts sockets always run in dev_pts secontext, providing all terminal emulator root shell the same power as adb shells
- [MagiskHide] Kill all processes with same UID of the target to workaround OOS embryo optimization
- [MagiskInit] Move all sepolicy patches pre-init to prevent Pixel 2 (XL) boot service breakdown
v16.7
- [Scripts] Fix boot image patching errors on Android P (workaround the strengthened seccomp)
- [MagiskHide] Support hardlink based ns proc mnt (old kernel support)
- [Daemon] Fix permission of /dev/null after logcat commands, fix ADB on EMUI
- [Daemon] Log fatal errors only on debug builds
- [MagiskInit] Detect early mount partname from fstab in device tree
v16.6
- [General] Add wrapper script to overcome weird LD_XXX flags set in apps
- [General] Prevent bootloop when flashing Magisk after full wipe on FBE devices
- [Scripts] Support patching DTB placed in extra sections in boot images (Samsung S9/S9+)
- [Scripts] Add support for addon.d-v2 (untested)
- [Scripts] Fix custom recovery console output in addon.d
- [Scripts] Fallback to parsing sysfs for detecting block devices
- [Daemon] Check whether a valid Magisk Manager is installed on boot, if not, install stub APK embedded in magiskinit
- [Daemon] Check whether Magisk Manager is repackaged (hidden), and prevent malware from hijacking com.topjohnwu.magisk
- [Daemon] Introduce new daemon: magisklogd, a dedicated daemon to handle all logcat related monitoring
- [Daemon] Replace old invincible mode with handshake between magiskd and magisklogd, one will respwan the other if disconnected
- [Daemon] Support GSI adbd bind mounting
- [MagiskInit] Support detecting block names in upper case (Samsung)
- [MagiskBoot] Check DTB headers to prevent false detections within kernel binary
- [MagiskHide] Compare mount namespace with PPID to make sure the namespace is actually separated, fix root loss
- [MagiskSU] Simplify su_info caching system, should use less resources and computing power
- [MagiskSU] Reduce the amount of broadcasting to Magisk Manager
- [ImgTool] Separate all ext4 image related operations to a new applet called "imgtool"
- [ImgTool] Use precise free space calculation methods
- [ImgTool] Use our own set of loop devices hidden along side with sbin tmpfs overlay. This not only eliminates another possible detection method, but also fixes apps that mount OBB files as loop devices (huge thanks to dev of Pzizz for reporting this issue)
v16.4
- [Daemon] Directly check logcat command instead of detecting logd, should fix logging and MagiskHide on several Samsung devices
- [Daemon] Fix startup Magisk Manager APK installation on Android P
- [MagiskPolicy] Switch from AOSP u:r:su:s0 to u:r:magisk:s0 to prevent conflicts
- [MagiskPolicy] Remove unnecessary sepolicy rules to reduce security penalty
- [Daemon] Massive re-design /sbin tmpfs overlay and daemon start up
- [MagiskInit] Remove magiskinit_daemon, the actual magisk daemon (magiskd) shall handle everything itself
- [Daemon] Remove post-fs stage as it is very limited and also will not work on A/B devices; replaced with simple mount in post-fs-data, which will run ASAP even before the daemon is started
- [General] Remove all 64-bit binaries as there is no point in using them; all binaries are now 32-bit only.
Some weirdly implemented root apps might break (e.g. Tasker, already reported to the developer), but it is not my fault
- [resetprop] Add Protobuf encode/decode to support manipulating persist properties on Android P
- [MagiskHide] Include app sub-services as hiding targets. This might significantly increase the amount of apps that could be properly hidden
v16.3
- [General] Remove symlinks used for backwards compatibility
- [MagiskBoot] Fix a small size calculation bug
v16.2
- [General] Force use system binaries in handling ext4 images (fix module installation on Android P)
- [MagiskHide] Change property state to disable if logd is disabled
v16.1
- [MagiskBoot] Fix MTK boot image packaging
- [MagiskBoot] Add more Nook/Acclaim headers support
- [MagiskBoot] Support unpacking DTB with empty kernel image
- [MagiskBoot] Update high compression mode detection logic
- [Daemon] Support new mke2fs tool on Android P
- [resetprop] Support Android P new property context files
- [MagiskPolicy] Add new rules for Android P
v16.0
- [MagiskInit] Support non skip_initramfs devices with slot suffix (Huawei Treble)
- [MagiskPolicy] Add rules for Magisk Manager
- [Compiler] Workaround an NDK compiler bug that causes bootloops
v15.4
- [MagiskBoot] Support Samsung PXA, DHTB header images
- [MagiskBoot] Support ASUS blob images
- [MagiskBoot] Support Nook Green Loader images
- [MagiskBoot] Support pure ramdisk images
- [MagiskInit] Prevent OnePlus angela sepolicy_debug from loading
- [MagiskInit] Obfuscate Magisk socket entry to prevent detection and security
- [Daemon] Fix subfolders in /sbin shadowed by overlay
- [Daemon] Obfuscate binary names to prevent naive detections
- [Daemon] Check logd before force trying to start logcat in a loop
v15.3
- [Daemon] Fix the bug that only one script would be executed in post-fs-data.d/service.d
- [Daemon] Add MS_SILENT flag when mounting, should fix some devices that cannot mount magisk.img
- [MagiskBoot] Fix potential segmentation fault when patching ramdisk, should fix some installation failures
v15.2
- [MagiskBoot] Fix dtb verity patches, should fix dm-verity bootloops on newer devices placing fstabs in dtb
- [MagiskPolicy] Add new rules for proper Samsung support, should fix MagiskHide
- [MagiskInit] Support non skip_initramfs devices using split sepolicies (e.g. Zenfone 4 Oreo)
- [Daemon] Use specific logcat buffers, some devices does not support all log buffers
- [scripts] Update scripts to double check whether boot slot is available, some devices set a boot slot without A/B partitions
v15.1
- [MagiskBoot] Fix faulty code in ramdisk patches which causes bootloops in some config and fstab format combos
v15.0
- [Daemon] Fix the bug that Magisk cannot properly detect /data encryption state
- [Daemon] Add merging /cache/magisk.img and /data/adb/magisk_merge.img support
- [Daemon] Update to upstream libsepol to support cutting edge split policy custom ROM cil compilations
Magisk Manager
v7.5.1
- Fix toggling app components in MagiskHide screen
- Update translations
v7.5.0
- Support new MagiskSU communication method (ContentProvider)
- Fix several issues with hidden stub APK
- Support using BiometricPrompt (face unlock)
v7.4.0
- Hide Magisk Manager with stub APKs on Android 9.0+
- Allow customizing app name when hiding Magisk Manager
- Generate random keys to sign the hidden Magisk Manager to prevent signature detections
- Fix fingerprint UI infinite loop
v7.3.5
- Sort installed modules by name
- Better pre-5.0 support
- Fix potential issues when patching tar files
v7.3.4
- App is now fully written in Kotlin!
- New downloading system
- Add new "Recovery Mode" to Advanced Settings
v7.3.0/1/2
- HUGE code base modernization, thanks @diareuse!
- More sweet changes coming in the future!
- Reboot device using proper API (no more abrupt reboot)
- New floating button in Magisk logs to go to bottom
v7.2.0
- Huge UI overhaul
- More sweet changes coming in the future!
v7.1.2
- Support patching Samsung AP firmware
- Much better module downloading mechanism
v7.1.1
- Fix a bug that causes some modules using new format not showing up
v7.1.0
- Support the new module format
- Support per-application component granularity MagiskHide targets (only on v19+)
- Ask for fingerprint before deleting rules if enabled
- Fix the bug that causes repackaging to lose settings
- Several UI fixes
v7.0.0
- Major UI redesign!
- Render Markdown natively (no more buggy WebView!)
- Support down to Android 4.1 (native Magisk only support Android 4.2 though)
- Significantly improve Magisk log disply performance
- Fix post OTA scripts for A/B devices
- Reduce memory usages when verifying and signing boot image
- Drop support for Magisk lower than v18.0
v6.1.0
- Introduce new downloading methods: no longer uses buggy system Download Manager
- Introduce many new notifications for better user experience
- Add support for Magisk v18.0
- Change application name to "Manager" after hiding(repackaging) to prevent app name detection
- Add built-in systemless hosts module (access in settings)
- Auto launch the newly installed app after hiding(repackaging) and restoring Magisk Manager
- Fix bug causing incomplete module.prop in modules to have improper UI
v6.0.1
- Update to use new online module's organizing method
- When fingerprint authentication is enabled, toggling root permissions in "Superuser" section now requires fingerprint beforehand
- Fix crashes when entering MagiskHide section on some devices
- Remove support to Magisk version lower than v15.0
- Ask storage permissions before patching stock boot image
- Update dark theme CardView color
v6.0.0
- Update to latest AndroidX support library
- Fix crashes when online repos contain incomplete metadata
- Optimize BootSigner to use as little memory as possible, prevent OutOfMemoryError
- Support new communication scheme between Magisk v17.2 and Magisk Manager
- Enable excessive obfuscation to prevent APK analysis root detections (still not 100% obfuscated due to backwards compatibility with stable channel)
2016.10.04
Magisk-v7 is quite a significant update compared to v6. A lot has changed, new features are added, and improved compatibility a lot, especially in selinux issues.
Open Source!
My previous releases has some controversy due to the fact that I included closed source property with unexpected intentions. I had worked hard to create/improve open source tools, so that they can fit my own needs. Magisk is now 100% open source, including the binary it uses.
Brand New Magisk Manager
The Magisk Manager is completely a different application compared to the previous crappy app. It has now packed with features, and it is now part of the core experience of Magisk itself. New features and improvements are still planned, so stay tuned in this application's development!
Repo System, Module Management
We've been putting a lot of effort into constructing this repo system. This change is to make installing Magisk Modules a lot more easier. What I'm aiming is to make Magisk something like Xposed, an interface and a platform for developers to work on. Providing a repo system is a good step towards the goal, as it makes installing new stuffs and receiving updates super simple. I also drastically simplified the Magisk Module template. Right now, I believe anyone with basic knowledge can create their own Magisk Module easily. Changing a few values into a config file should make porting existing mods to Magisk much easier.
Safety Net
My decision to remove root management from Magisk seems to cause some debate. People might wonder why I would remove such feature that made Magisk so popular. Well, I have to emphasize again, Magisk is never meant for bypassing Safety Net. The Xposed and root bypasses are some fun projects that I'm messing with what Magisk is capable of. One of the two main reasons I dropped this feature in Magisk is
1. Xposed is no longer working with Safety Net enabled. I had tried to bypass it with some mounting tricks and process killing, but all of those are not able to fix the issue. Soon suhide is available and it is able to bypass Xposed had made me really frustrated, as I do not want to keep working on a "not complete solution".
2. On the open source side, phh is also developing his own "suhide". phh just released a test build for hiding root (link to his test build), I'm gonna take a look and include it into the Magisk version of phh root.
These two methods are much better than the one I was using. It doesn't need a toggle, it is per app basis, and many more. Also, I'm not creating a root solution, I'm creating an interface that root solutions can rely on. So I decide to give the hiding root "responsibility" to the root solutions, not managed by the interface, Magisk, itself.
Just to let all of you know, one of Magisk Manager's future feature will be a GUI to manage these two root hiding solutions. It will need some time to develop, and I also wanted to do some things in the core Magisk side to add this support natively. So please don't be pissed that I dropped the whole root management thing. It is for a bigger plan
Due to a bug in the template zip, there will be issues flashing the zip files if the path has spaces.
This commit in magisk-module-template should fix the issue.
All repos online is updated with this fix, developers please include this patch into your modules.
2016.10.19 Magisk v8
This release is aimed for bug fixes, and most importantly the ability to hide itself from Safety Net's detection.
Template Cache Module Fix
Due to a bug in the template script, if your module is a cache module, your scripts might not be executed correctly, also flashing in Magisk Manager will cause the UI to break.
This particular commit is the fix, only cache modules are needed to be updated, other modules are working fine.
Search Bar in Download Section
Magisk Manager 2.1 brings search bar to the "Downloads Section", so that it's easier to find a module once the list gets too long.
SuperSU Integration
In the previous release (v7), I decided to automatically convert SuperSU into a Magisk module while installing Magisk. In this release (v8), I make Magisk 100% compatible with SuperSU out of box, not needed to modify how SuperSU work in anyway. For v8 and future releases, Magisk will detect SuperSU patched boot image, and only add the required additional patches to the boot image.
Also, I created further integration for Magisk and SuperSU: Magisk will create a script placed in /data/custom_ramdisk_patch.sh when SuperSU detected. What this means is that the next time you upgrade SuperSU by flashing SuperSU zip in custom recovery, Magisk will automatically be injected. You can also apply OTA updates with FlashFire, and enable SuperSU injection, which will also inject Magisk on-the-go!
For users that was using v7 with SuperSU along with the Helper Module, please manually restore your boot image (should be stored in /data/stock_boot.img), and flash the latest SuperSU, then flash Magisk-v8.
Magisk Hide
This feature should've been released a few weeks ago, but university is killing me lately; overwhelming schoolwork prevents me to finalize the tool, so please pardon my absence and lack of support. But it's still better late than nothing .
In the weeks I have been inactive, Safety Net got a couple updates, each makes bypassing more of an hassle. Magisk v8 introduce "Magisk Hide", the tool to properly hide Magisk, preventing Magisk to break Safety Net features. What it can do is hide all Magisk modules' files and mounts from target processes (e.g. Safety Net), including Magisk compatible phh root maintained by myself.
It cannot hide SuperSU, it cannot hide Xposed. If you want to hide any of them, please use suhide developed by Chainfire.
It should not cause issues as I have been testing quite some while, but if you replace some files with Magisk (known: /system/etc/customize/ACC/default.xml), Google Play Service will constantly crash. Due to this fact, this feature is not enabled by default. You have to manually enable it in the settings of Magisk Manager v2.1 after you upgraded to Magisk v8, and reboot to apply the settings.
Right now, you can manage your own hide list with ways similar to suhide, no GUI:
Code:
(All commands should be run in a root shell)
# Show current list
/magisk/.core/magiskhide/list
# Add new process (the package name should work fine)
/magisk/.core/magiskhide/add <process name or package name>
# Remove a process (might need a reboot to make an effect)
/magisk/.core/magiskhide/rm <process name or package name>
The process com.google.android.gms.unstable (Safety Net) will always automatically be added to the list if Magisk Hide is enabled, so if you just want to bypass Safety Net, just enable in Magisk Manager and you're good to go.
Safety Net - The Already Lost Cat-And-Mouse Game
Keep in mind, in the latest update of Safety Net that just happened in a few hours, Google seems to step up the game, and it might got to the point that no modifications are allowed, and might be impossible to bypass.
Currently on my HTC 10, no matter what I did to the boot image, even just a repack of 100% stock boot image, Safety Net will not pass under any circumstances. On the other hand, my Nexus 9 running stock Nougat seems bypass without issues, with root and modules all enabled and working fine. The boot verification might vary from one OEM to another, HTC's implementation might just be one of the first included into Safety Net, but eventually all major OEMs' method will be included, and at that time I think any Android "mod", including custom kernels, will pretty much break Safety Net. These verification should be coded deep into the bootloader, which is not that easy to crack. So the conclusion is that I will not spend that much time bypassing Safety Net in the future.
The attachment is a screenshot about where to enable Magisk Hide in the app
Magisk MultiROM - POC
I spend some time playing with the possibility of Universal MultiROM by only using Magisk.
Surprisingly, it is not that difficult at all! Here is a small POC video demonstrating my HTC 10 dual booting stock rom and CM 13.
No other dependency is required (e.g. modified TWRP recovery, kext kernel patch etc.). You only need Magisk injected into the boot image, and along with proper settings, by swapping out the boot image, you can load any rom systemless-ly.
What this means is that all Magisk supported device can enjoy MultiROM features! What a great news for flashaholics LOL.
NOTE! The process showed in this video in far from what it will be eventually. I will make the process nice and smooth
2016.11.14 Magisk v9
This release comes with significant updates and changes, doing adjustments to pave the road for the next major update v10: the update with Multirom support!
Please spend some time reading this lengthy release note, the most important information are included in quotes, or bolded and colored in RED.
Also, many other fixes not mentioned here are listed in the changelog.
The End of Cache (post-fs) Modules
This shall be the biggest change for this update. One of Magisk's cool feature is that it can mount files before data and build.prop is loaded (post-fs). Most modules only uses this advantage to modify read-only props (e.g. DPI, fake device model etc.) without modifying build.prop, however with a new tool included in this release (will be introduced in the next section), dealing things in post-fs is not needed anymore.
Instead of having both "Cache Modules" and "Normal Modules" at the same time, confusing both developers and users, creating complexity in module management, the decision is made that "Cache Modules" are no longer supported after this update.
How about some features that require mounting in post-fs mode (known: Changing Boot Animation)? No worries, post-fs mode is still there (as Multirom will depend on this), I only removed the interface for modules.
Magisk no longer let you install cache modules, you have to manually add the files you want to replace, which is actually super easy.
You can place your new files into the corresponding location under /cache/magisk_mount, Magisk will automagiskally manage selinux contexts, permissions and the mounting for you.
For example, you want to replace /system/media/bootanimation.zip, copy your new boot animation zip to /cache/magisk_mount/system/media/bootanimation.zip with any root explorer, Magisk will mount your files in the next reboot.
Click to expand...
Click to collapse
Magisk v9 will remove all installed cache modules under /cache/magisk, which is the previous path where cache modules locate.
Further more, to push developers to upgrade their cache modules, the latest Magisk Manager (v2.5) will filter out cache modules, which means cache modules available in the Magisk repo are NOT shown under the "Download" section in Magisk Manager.
Cache Module developers please refer to the following instructions to update your current module:
Take a look at the changes in this commit (if you're famlier with git, you can just cherry pick this commit, and deal with some minor merge conflicts)
Check the "resetprop" section to understand how to change props without using a cache module, and update your modules accordingly. For example, if you want to replace the build.prop, you no longer need to enable "automount", or bind mount the file manually in your script, as nothing will load it again.; instead, you should enable post-fs-data script, and read your new build.prop file with proper commands. If you want to change certain prop values, just switch from post-fs script to post-fs-data script, and instead of calling "setprop", please call "/data/magisk/resetprop" to set your props.
Remember to remove the "cacheModule" entry or set to false in the module.prop file, or else your module will never show up in the Magisk Download section in the Magisk Manager!
New Badass Tool - resetprop
To be honest, this tool itself deserves a new thread on XDA, as it is super powerful and super cool.
"resetprop", originally named "xsetprop", was initially developed by @nkk71 to bypass the crazy tough detections for Safety Net. Developers found method to bypass the check by modifying the kernel source code, which served the need but the solution is far from perfect as it requires the source code to be available and kernel compiling.
The tool was originally made to directly modify the system prop database. With seeing the potential of this tool, I contacted @nkk71 and start collaborating together, which brings the original simple tool into a full-fledged, all-in-one prop management tool.
Here are some technical details:
System props are handled by "init", a binary located in the ramdisk which starts right after kernel is loaded. "props" are supposed to only have a single writer, and multiple reader, which means only the process "init" has the full control to the prop database. We modify the props (by calling setprop) through an interface called property_service, which will pass the request to init; property_service also handles the triggering of "events" that should be triggered by a prop change. What read-only props means is that property_service will block all requests for modifying props starting with "ro.", as those props are not allowed to be changed once set. To overcome this difficulty, we can mimic how init behaves by directly modifying the trie structured database. However we will not be able to trigger events, as we completely skipped the property_service part. This might be ideal for SN bypasses, but not applicable for Magisk, as I want to load any prop, which should trigger some events to make some changes. So we went a step further and added a feature to "delete" a system prop! As a result, by directly deleting the prop entry in the database, then send a request to property_service, property_service will accept the request and trigger events if needed.
The new tool - resetprop can modify/delete any system prop, including read-only props (prop names starting with "ro.")
You can also read a whole build.prop, overwriting all existing props. The binary will be installed to /data/magisk/resetprop.
Here are some examples for cache module developers to adapt to the new changes:
Code:
# Set any prop (with trigger)
/data/magisk/resetprop ro.sf.lcd_density 480
# Set any prop (without trigger)
/data/magisk/resetprop -n ro.crypto.state encrypted
# Delete any prop
/data/magisk/resetprop --delete magisk.version
# Read props from a prop file
/data/magisk/resetprop --file /magisk/somemod/new_build.prop
Click to expand...
Click to collapse
The tool is originally built with AOSP source, I spent some time to make it much more portable.
Here is the link to the NDK-buildable source of the resetprop used in Magisk: https://github.com/topjohnwu/resetprop
Magisk Hide - Greatly Improved
Another update to pass SN, please grab it before it expires lol
People started to panic when Google device to check boot loader / boot-verity etc. As stated in the previous section, resetprop fixes the issue easily with setting all detecting props to the valid values. However, more detection has been added. One of those is that simply adding Magisk directories into PATH will break Safety Net. Not sure if I should be glad because the word "magisk" is now officially on the tech giant's blacklist......
So in order to hide root (here I'm only referring Magisk phh superuser, as SuperSU users shall always rely on CF's suhide, not MagiskHide), I had to change the way things works.
For the new changes that are required to NOT modify PATH, the phh's superuser has to be upgraded.
Please make sure your phh superuser is upgraded to r266-2 (or any version higher).
Older version will NOT work with Magisk v9, please upgrade phh's su before upgrading.
Also, along with the new Magisk Manager v2.5, we finally had an GUI to add/remove apps from the MagiskHide list!
Click to expand...
Click to collapse
Development
I added build.sh into the main Magisk repo, you can call the script and it will guide you with help messages.
Custom version names are supported, both in Magisk and Magisk Manager (if using custom name, update will disable)
So feel free to clone the repo and develop Magisk yourself! Pull requests are appreciated!
For Magisk Manager, you can provide translations for the app, just translate the strings, create a pull request, and I'll merge it into the main app, many thanks!
Those Pixels
I stated before that the new Google Pixel devices are using a complete different partition structure, as the ramdisk is now stored along with the system partition, and a kernel modification is inevitable.
Without much surprise, our mighty developer Chainfire had released a systemless root for Pixel devices. What it does in a nutshell is bringing back the ramdisk to the boot image, and still do modifications in the ramdisk (rootfs). However it still requires 1. custom init binary 2. binary patch directly to the kernel. If I decide to use the provided closed source solution, it shall not be difficult to port Magisk to the Pixels and start all the systemless craziness, but still I need an device to test and debug. In addition, I would love to see if I can create an open source tool to achieve similar results to make Pixel (which means maybe all future devices) running Magisk.
But the huge issue is: I live in Taiwan, and there is no sign that the Pixels will be available for purchase here, well at least not possible in 2016.
I could ask my buddy studying in the US to bring me one when he comes back at the Christmas vacations (which is still quite some time from now, but still better late than nothing.....), however the problem is that Pixel XLs (the model I prefer) are currently out of stock on the online Google Store, and I will never know if ordering now will make the package show up in my friend's place in time before he comes back to Taiwan.
If anyone seeing this post has access/can purchase brand new Pixel XLs (anywhere should be OK), and possible to deliver them to Taiwan in a reasonable time and a reasonable shipping fee, please contact me and I'll be very happy.
Lastly, I just bought my new HTC 10 within a year. I'm just an university student, the money I earn from tuition could afford me the super expensive Pixel device, but any additional donation to support my open source development is highly appreciated . I'd be really happy that many people love my work!
Click to expand...
Click to collapse
Here are some news....
Lack of Support
School have been super busy lately (getting the last metro to home nearly every day...), I have little if any time to spend on Android development. Another big factor is that I'm still waiting for my laptop to be repaired.
Sorry for all the private messages sending to my inbox, I've got way too many PMs that I'm not in the mood to read through dozens and dozens of them, since a large fraction of them are simply just asking for instructions for installing Magisk on their device.
I prefer REAL issues to be opened on Github, as I check them from time to time, and I can keep track of which are not yet resolved.
Build Friendly
I added build script for Unix-like systems (Linux and macOS) and also for Windows. I tested on all three platforms and all of them are working as expected. For people interested in the latest feature added to Magisk but not included into an official release yet, feel free to build it yourself. I automated the process that even people with no experience in NDK or scripting can build it easily.
Also for people willing to report bugs, please test Magisk built against the latest commit before opening issues on Github, thanks a lot!
Magisk Module Repo?
It has been a while since I last updated the Magisk Module Repo. I know there are a few requests for adding their own modules to the repo. I'm gonna change the way for requests to be handled from the current "posting in a request thread on XDA", to most likely handled through Github. When the new way for requests is decided, I'll add the current requests at once, and close the current thread.
I really appreciate every person who is interested in making a Magisk Module and willing to share it with others, once the new method is decided, the requests should be addressed in a timely manner.
Multirom? Updates?
I've spend my extremely limited free time to fix current Magisk issues, and so far (the latest commit on Github) it has improved a lot compared with the current v9 release.
I haven't really spend much time in the multirom feature, however I found an interesting open source project: DualBootPatcher.
It exists for quite a while, and it is very impressive just like the Multirom Tasssadar created. I haven't looked into how DualBootPatcher works, so I'm not sure if it is using similar tactics method that I switch between systems in a super simple way through Magisk.
2017.1.2 Magisk V10
Happy New Year! What is a better way to celebrate 2017 than a Magisk update
Another massive update!
Official Icon
Instead of using the picture grabbed online, the official Icon for Magisk is now live!
Magisk Hide Back On Stage
This is the most awaited fix, isn't it?
The issue of losing root is haunting since day 1 of the release of Magisk Hide, although it can be temporary recovered with a reboot, it is still quite annoying. I spend a lot of time trying to identify the reason, and soon found out that the issue is caused by MagiskHide reacting "too fast". Most processes starts from Zygote, and it requires a small period of time to isolate the mount namespace apart from Zygote. When MagiskHide reacts too quickly, it will unmount all mounts in the Zygote namespace, which literally means that all processes will lose the mounts (including root).
After adding checks and retries before switching namespaces, it leads to another issue: MagiskHide reacting "too slow". When critical files like framework is Magic Mounted, and the unmounting doesn't happen in time, it will break the SafetyNet checking process (Google Play Service FC), and can never recover until a reboot (or full restart of Google Play Service). I added tons of safety precautions (I won't go into the details here, it will be another few hundred of words), and I can "almost" eliminate all possible breakages.
Due to the fact that Magisk Hide DOES NOT hijack app_process (Zygote), it can only react passively, so there is a limitation to the effectiveness.
The best practice is to NOT add a lot of apps in the blacklist of MagiskHide (managed in Magisk Manager), so that the MagiskHide daemon has the time to react.
Personally I only hide SafetyNet (the preset), and it passes all excessive tests without any issue. However my tester still managed to break it a few times when adding 6 additional apps, and having 10+ accounts syncing at the background all the time. So I guess it is good for most users lol
Magic Mount With No Limits
I'm glad to announce that starting from this update, Magic Mount can do ANYTHING! Thanks to the new mirror implementation and some workarounds in the algorithm, it can now handle adding files to /system root (and /vendor root if separate partition). Also thanks to the new MagiskHide, all mounting combinations can pass SafetyNet!
Magisk Powered Custom ROM: One Click to Custom ROM, Another Click You're Back to Stock
I am a member of an HTC custom ROM developer team - Team Venom, and without too much effort, The world's first Magisk Powered Custom ROMhttp://venomroms.com/worlds-first-100-percent-magisk-rom/ was born!
The advantage over traditional full packaged custom rom is that we ROM developers no longer need to port carrier features (Wi-Fi calling, VOLTE etc.) to our ROMs. Users can install Magisk on their stock devices, load the Custom ROM module, reboot and BOOM all done, along with 100% fully working carrier features. Also, it is just cool to load a custom ROM fully systemless, isn't it!
Developers in the HTC 10 community soon realized the "power of Magisk", and currently trying to push out more and more Magisk Custom ROM Modules.
I hope all developers feel the excitement, and port all stock modified custom ROM to be implemented with Magisk!
For ROM developers interested, please check the link and download the zip to get an idea how to create your own Magisk Custom ROM Module!
Magisk Can Now Root Your Device
I decided to fork the phh Superuser and start doing modifications. From Magisk v10 and after, Magisk will root your device with the bundled root if
a. No root installed b. Root that isn't Systemless SuperSU or older Magisk phh versions installed
Right now you still have to install the phh Superuser application, however the root management should move to Magisk Manager soon, please stay tuned.
Currently it is nearly the same as official phh root with only a few tweaks, but I might add more in the future.
Magisk Manager Now On Play Store
It seems that some already found out that Magisk Manager is now available on Play Store! All future updates will be pushed through Play Store.
Download links will still be posted here, since there are still places where Play Store isn't available.
Documentations Updated, Module Template Updated, New Repo Requests
The documentations here on XDA is pretty outdated, I updated them with more info to assist developers and users to create their own modules.
Module template is updated for an addition option to load a prop file.
Repo requests are also updated, please check out the new instructions!
Sorry guys, in v10 (and the v10.1 if you're fast), when updating within the Magisk Manager, my scripts didn't handle the phh upgrading correctly.
For those got stuck with no root, please flash the latest phh zip downloaded in this thread in custom recovery (or Magisk Manager, because it is the only app that have root access).
Sorry for the inconvenience, please forgive me lol, I'm only one man!
2017.1.11
Magisk Manager v3.1
I'm still dealing with my finals (got an exam tomorrow, and 3 more projects to do......), but the online repo is no longer accessible on Magisk Manager, which forces me to push out an update.
Apart from that critical bug fix, it also comes with a lot of updates and improvements, please check the changelog for further info.
Please update your Magisk Manager from Play Store. The direct link is also updated with the new v3.1 version
Magisk v11.0
2017.2.6 Magisk v11.0
Came back from Chinese New Year holiday with some significant updates!
Introducing MagiskSU
Magisk officially becomes its own rooting solution!
Initially I just want to add root management features into Magisk Manager, but ended up updating lots of code.
Since the changes are quite significant, and no longer compatible with older versions, I'll just name it MagiskSU instead of phh Superuser.
The code is based on phh's approach to update the CM Superuser. I spent quite some effort to achieve SuperSU standards, so far the functionality should be nearly equivalent, my only concern now is compatibility, which is what I will focus on in future releases.
Please note, Magisk is still fully compatible and functional with the latest SuperSU (tested against v2.79-SR3)
The Fully Re-factored sepolicy-inject tool
To accompany with the fresh new MagiskSU, I also spent a ton of effort re-factoring the tool sepolicy-inject.
The tool now accepts policy statements, you can get more info about it from from this section of @Chainfire 's wonderful How-To SU documentation.
Basically I aimed to follow the same syntax as SuperSU's supolicy tool, as it is straight forward and same as the .te policy sources. I added a few additional features in sepolicy-inject, you can directly execute the binary with no options to refer to the help info.
See all changes in the changelog
(I named it "sepolicy-inject" instead of "supolicy", since it still differs in many ways (e.g the built-in rules) even though the syntax is now nearly identical. Root app developers might want to handle this difference when live patching sepolicies)
Pseudo SELinux Enforce Mode
Thanks to the new sepolicy-tool, pseudo enforced mode is now possible (the status shows enforced, but actually is permissive).
In some versions of Google Play Services, setting SELinux to permissive causes Safety Net to fail; however some custom ROMs require the system to be in permissive to be fully functional (although it should be considered as a bad practice). This shall be the perfect solution.
This will not be as a switchable option within Magisk Manager, since Google has a history of pulling apps from the Play Store when related to SELinux (see the tragic example of developer @flar2 's awesome app, and there are still more incidents).
MagiskHide binary is now updated to detect the permissive state, patch the current sepolicy to pseudo enforced mode, then switch back to enforced.
ROM developers don't have to change anything, just simply set to permissive on boot with a bundled app or a boot script as usual. If a user decided to enable MagiskHide, it will handle everything itself.
General Purpose Boot Scripts
I removed this feature in Magisk v4 and favored the per-module scripts. Now I decided to bring it back again.
The scripts should be placed in /magisk/.core/post-fs-data.d and /magisk/.core/service.d. The directory name should be self-explanatory.
If you have no idea which to choose, the post-fs-data.d will be a nice bet.
So Magisk will now execute script named post-fs-data.sh in each module, and all files within post-fs-data.d. The same applies to service.
Future
Thank you for everyone providing translations to Magisk Manager, and huge thanks to all donated.
I appreciate all the support, and that is my motivation to continue pumping stuffs out!
I will be maintaining MagiskSU continually; support won't end, at least in the near future.
Magic Mount features and better Magisk Module support are also on my list.
I spent zero time on adding more support to devices in v11, all the effort were put in MagiskSU and MagiskManager and major bug fixes.
The whole project is now in the state I consider "feature-packed" enough, most users/developers haven't used the full potential of the features.
I'll stop adding major new features and instead focusing on bringing Magisk to more devices that currently isn't supported.
And yes, that means I will postpone the long planned but never worked on Multi-ROM feature (I barely spent time on it after the POC video)
Hope you all will enjoy the update
(P.S. It's 9 AM here and I haven't slept. I'll update documentations after some sleep)
Before I got the in-app guides done, here are some tips for you
Many people seems missing these details
2017.2.19 Magisk Manager v4.2
Magisk Manager v4.2 is now live on Play Store. OP direct links are also updated accordingly.
Tons of improvements to the app, check the changelog for more info
Where is the Magisk Update?
I'm aware there are issue in Magisk v11.1 (vendor mount issues, and MagiskSU system rw issue)
I already fixed the system rw MagiskSU issue (so TiBack now 100% functional), you can check the Superuser sources if you're interested into the solution
I'll push an update soon after I fixed all currently known issues, AND add compatibility to more devices.
Please note that I'm only one single man, and also got a real life to deal with, so I can only focus one thing at a time.
I decided to first improve the Magisk Manager application to a point I think it's acceptable. Android application development is quite tedious, I have to put quite some time and effort into it.
After this Magisk Manager update, I will put all my attention on the core Magisk part, so please stay tuned!
New Online Module Info Display
I updated the way Magisk Manager show the details of Online Magisk Modules in the repo.
Previously I let each module include a changelog.txt, donate link, and support link
However, I think it would be better to let module developers to write anything they want
And considering the text rendering needs to be nice and clean, I think Markdown is the best choice here!
You can include links to your thread, links to your donation link, download link for an app required, changelog.... anything!
All Repo Developers Aware!
In Magisk Manager v4.2, the app will read the README.md file within your repo, and render the file properly
The changelog.txt file, support and donate entry within module.prop are no longer read, they can be removed.
Please update your README.md file ASAP to let the new app properly display what your modules do.
Here is an example, I updated the Xposed module's README.md, you can see the results in attachments
This is also a screenshot of what the new UI looks like
Magisk Manager v4.2.5 is live!
Hot fix for Samsung crashes (theoretically, no device to test), also did several adjustments here and there
As usual, full changelog in 2nd post, direct links and Play Store (might need to wait a few hours) are also updated
Sorry for the inconvenience!
Magisk Manager v4.2.6
Finally got the Samsung crash fixed!! Thank you for everyone reporting giving feedback, really appreciate the community!
As a compensate for the frequent updates and inconvenience, I added another feature that was requested to Magisk Manager - add a setting to disable update notifications
Play Store might take a few hours to update, direct link in OP is updated
Finally, I can now focus on the core part, which IMO is much much more important
Device compatibility should be GREATLY improved once the work is done, stay tuned!
For Pixel support though, I'll need to borrow my friend's Pixel XL for a couple of weeks to develop, but this might not happen soon since school is quite busy.
2017.3.21 Magisk v11.5/v11.6
It's about time for some Magisk update!!
Magisk Binary Changes
The original tool sepolicy-inject is now renamed to magiskpolicy. However, for backward compatibility, a symlink named sepolicy-inject will be created, which simply just links to magiskpolicy
The original tool bootimgtools is now renamed to magiskboot, which is a complete rewrite of the existing boot image patching tool. More info later.
Starting from this release, magiskpolicy, sepolicy-inject, resetprop, and if MagiskSU is installed, su, and supolicy (this is NOT the SuperSU supolicy, it just links to magiskpolicy, exists for compatibility) are all added to the PATH, which means you can directly call these commands through shell (and apps) without explicitly calling "/data/magisk/XXXXX"
In a nutshell:
Code:
/sbin/su -> /data/magisk/su
/sbin/resetprop -> /data/magisk/resetprop
/sbin/magiskpolicy -> /data/magisk/magiskpolicy
/sbin/sepolicy-inject -> /data/magisk/magiskpolicy
/sbin/supolicy -> /data/magisk/magiskpolicy
/data/magisk/sepolicy-inject -> /data/magisk/magiskpolicy
New Boot Image Tool: MagiskBoot
I spent a lot of time rewriting the whole boot image patching tool. For now it shall GREATLY improve the compatibility of Magisk. Key features:
Complete rewrite boot image extracting process
Proper MTK header support
Sony ELF type boot image support
Native ramdisk compression method support : gzip, xz, lzma, bzip2, lz4
This means custom kernel developers can now use a different ramdisk compression method with their custom kernels!
Native cpio patching support: auto ramdisk backups, auto ramdisk restores, auto dm-verity patch, auto forencrypt patch, native cpio extract/mkdir/add
This means boot patching process itself does not require root access anymore (it usually does)
Native LG bump and Samsung SEANDROIDENFORCE flag detection
More Magisk installation methods shall come soon!
I believe some of the features above do not exist in any existing rooting methods, I hope this will bring more users on the Magisk bandwagon
MagiskSU Fixes
In all current open source root methods, a common issue is that some apps (most well-known: Titanium Backup) cannot properly mount /system to read-write. Here I'll only briefly explain the technical details.
After spending very many hours, the victims are narrowed down to programs that directly use the "mount" system calls instead of calling the "mount" command. Also, the issue does not only happens to /system, but instead any read-only partitions. The only way to remount them to rw is through the toybox implementation of the mount command, which should be the default of all devices. This means that any external mount command (e.g. busybox) cannot remount them to rw either. After digging through the AOSP toybox source code and some search through the commits, I finally found the culprit: this commit in AOSP. What that commit does in a nutshell is that all blocks mounted read-only will be locked to read-only.
So starting from this release of MagiskSU, all blocks will be unlocked when the daemon is started (this does NOT break your system integrity, meaning it does not break OTAs), everything should work fine.
Another subtle change is that the command "-cn" will not do anything starting from now. All root developers can call the "-cn" command on both SuperSU and MagiskSU, it shall work in both cases.
I had tried to add the "-cn" command in the previous release, which only exists in SuperSU, but it was not implemented correctly, and apps depending on it will not work correctly.
However, this "context switch" command is originally added to SuperSU due to the way it managed selinux back in the old days. The way I deal with selinux, starting from Magisk v7 (Chainfire switched to similar method in his latest beta) DOES NOT need any context change, as all root procedures and processes are running in a permissive domain (in Magisk's case it's a domain that allows everything, which is slightly different to permissive. This is because permissive does not work on Sammy)
Magic Mount Vendor Issues
In Magisk v11.1, devices with a separate vendor partition (newer Nexus devices) will fail to properly magic mount files in vendor, the most common issue is using the ViPER4Android Magisk module.
It is now fixed in v11.5
Module Template Update
The Magisk Module Template is now updated. All developers please adapt your modules to the newer version
An entry in module.prop called template now indicates the template version number.
In future Magisk Manager updates, it will only show the modules that are using the latest two versions of the template.
e.g. If the latest template version is v13, only v13 and v12 modules will be showed in the repo
This gives the time for developers to update their modules, but also enforcing them to adapt to newer scripts, so I don't need to support the old template formats.
I apologize that I was busy and didn't add the existing module requests, I'll add them once you have migrated your module to the latest template
Also please note that I will NOT add modules that ONLY change some props using resetprop, as this is a upcoming feature to Magisk Manager in the near future.
What's Next?
Magisk v11.1 got over 500K downloads! Thank you for all the support!
The next short term goal is to add more features into MagiskManager (including the mentioned prop management, and a new installation method)
The long term goal will be migrating the current script-based magic mount to C program, which shall be run as a daemon in the background, combining resetprop, magiskhide etc. all-in-one. This will take some time to finish though.
For the long awaited Pixel support, I think I'll start working on it, but the complexity of that device might take a very long time for me to understand, since I do not own the device. I can only borrow my friend's device for not that long of a period of time, so progress shall be really slow. I'll not get the Pixel device now, because I don't think it is worth the price and the hassle for me to import it into Taiwan, but I'll definitely get the Pixel 2 to replace my current daily driver lol.
Magisk v11.6 Hotfix
The issue turns out to be a veeeery minor issue, but causes the whole script unable to run correctly on Samsung devices.
Also, I fixed the incorrect value for selinux prop patching for MagiskHide, so people with selinux issues should now be settled.
I guarantee all future releases will go through serious beta testing, especially Samsung devices. This project is in a scale that these kind of mistakes cannot be tolerated.
I'm sorry for all the inconvenience the previous release gave you, and the mess and headaches for all broken devices.
The Module Template is again updated. This bug will also affect module templates, so please update accordingly, thanks!!
But still, I hope you will enjoy this new release
2017.3.31 Magisk V12.0
The major version bump should label this release as a stable release (at least this is what I hope)
This release is thoroughly tested by all my testers, especially focusing on Samsung devices
Unless major issues, the next release should be a complete new redesign, and requires more time, more info later
The FAQ in OP is updated, please check them out!!!
Samsung, Samsung, oh Samsung
My previous release was widely criticized for breaking tons of Samsung devices, the rating on Play Store also reflected this fact
Thanks to helpful testers and developers, we ironed out all the quirks of Sammy, and in addition added more Samsung specific features.
One is adding proper support for Samsung permissive kernels. Another is faking KNOX to 0x0 if MagiskHide enabled.
Is that good enough to compensate my mistakes in the last release?
Sepolicy Live Patch Moved
Another critical update is that the sepolicy live patching is now moved from the post-fs-data mode to the service mode.
This decision is done due to the fact that on some devices (e.g. Samsung), there are too much to patch, which greatly delays the bootup time if the live patching is done in a blocking stage. However, this will require some updates for the minimal sepolicy rules.
The minimal patch is now a little more complete, which requires 20-80KB of ramdisk size (previously 1-4KB). Still not large to be honest.
However, this makes post-fs-data mode NOT completely unrestricted. post-fs-data mode can still do any file related operations, setting system props etc., a lot more than normal users would use. However, service mode would be guaranteed to be executed AFTER the full sepolicy patch is done.
It is recommended to run most scripts in the service mode (service.d/service.sh), except a. mounting files; b. patching system props; c. time critical operations
Magisk Core Only Mode
People complain that Magisk has "too many features", they don't want to use such "complete" solution.
Here I introduce Core Only Mode. It can be enabled in the new Magisk Manager.
What will still be started: MagiskSU, post-fs-data.d, service.d, (if enabled: MagiskHide, systemless hosts, systemless busybox)
What will not be started: Cache (post-fs) mounts, magic mount (system mirror etc.), all modules, all module scripts
So it literally limits Magisk to root + boot scripts. MagiskHide is still there for those who want some Mario Run lol.
Say Goodbye to Outdated Modules
This day finally comes. All modules on the repo that aren't using the latest template (v3 for now) are now hidden.
This not only guarantees that the modules are using the latest scripts, but also a nice way to filter out modules that are no longer maintained by the uploader.
You have to add/update template=(ver) in your module.prop. Magisk Manager will not know if you only updated the scripts
Upcoming Features
Here are some planned features (sorted in priority)
Magisk Manager resetprop GUI
MagiskSU multiuser support
Unified Magisk daemon: As stated before, I'm planning to write Magic Mount in code to achieve more efficiency and features.
All current Magisk features (magiskpolicy, magiskhide, resetprop, superuser, magic mount) will be in a unified daemon
Pixel (XL): Some developers has done some progress, I'll contact them and sort things out
Android O: I bought a Nexus 5X now, finally got some O love
Some details are changed in v12.0, I'll update the documentation (wiki) soon.
Some Recent Updates
I wish I can be more vocal in the forums, so more information can be spread to the community, but being a university student in Taiwan, studying engineering specifically, is not easy.
It has been a while since the last release, I think I would shed some light regarding the next big update.
Unified Binary
First, the most obvious change is that Magisk no longer rely on the overly complicated scripts, but instead replaced with pure C/C++ programs. Along with Magisk's development, more and more features were added, and those cannot be done with scripts are added as binaries (magiskhide, magiskpolicy, resetprop etc.). As a result, in the last build (v12.0) there are tons of binaries scattered, loosely working together with poor communication.
So the first thing to do is to combine everything as a single program, something like busybox, which is a single binary that acts as multiple utilities. This took me quite some time to finish, especially merging the existing superuser with other parts that also requires daemon connection. Another tricky part is to port the spaghetti shell script into proper C code. The good news is that both of them are done (though, some small bugs might exist and I'm currently hunting them down)
No More Busybox!
Second is the decision to remove the bundled busybox. Initially I added busybox into Magisk due to lack of proper commandline tools in native Android environment (e.g. lack of losetup in Android 5.0), and also many selinux specific options for several utilities do not exist in official AOSP toolbox/toybox. The big problem is that the busybox causes more issues than I would ever expect. Many features in v12 are implemented to only work with that specific busybox bundled with Magisk. However due to the variety of configurations of custom roms, the assumption that the target busybox is always there, working as expected obviously isn't true, leading to numerous breakage and headaches. This is one of the reason why tons of issues submitted to Github are not addressed, because all pre-v13 are haunted with the same issue - the environment Magisk is running is a mess.
However, thanks to ditching shell scripts completely, currently I handle everything by natively calling system calls, or by implementing the functions directly into the binary (another tedious task...). So Magisk now works as a complete package itself, no more dependency and requirements in the environment. Due to this change, the Magisk Manager would need to include a busybox in order to provide the environment to install Magisk modules/Magisk updates, which I think many tracking the development on Github would already notice this change.
Those wondering how to add busybox if they want? I'll release a new module in the repo.
Android O
Finally, Android O support! As expected, Android O has quite some security changes, but since I'm gonna start everything from scratch anyway, things are all quickly sorted out. Also thanks to the arrival of my Nexus 5X, I can finally test things on an actual device, as a result Magisk is now 100% working on Android O DP1. The module template might need some slight updates regarding Android O changes, please stay tuned for the announcement!
Of course, tons of other improvements are also included, I won't list all of them here and will leave them for the release post and changelogs. Updates to Magisk Manager are also work in progress (application development is very tiresome...). There are still tons of features/support bugging in my mind and I would hope I can implement all, but the reality and school prevents me to do so, I am now aiming more towards a stable release rather than rushing out poorly designed features and making me regret in future maintenance lol.
I won't have time to publish lots of informative posts as this one, for those who are interested in the active development of Magisk/Magisk Manager, please keep track of the Github repos. I always keep the development work transparent, anyone curious can spend a little effort to build it themselves and have a sneak peak of what's currently going on. Just keep in mind that the cutting edge master branch does not always work properly
This is the support thread of PixelFlasher
(PixelFlasher is an open-source self contained GUI tool to facilitate Pixel phone device flashing/rooting/updating with extra features).
Note: This thread is meant for issues and problems faced in Google Pixel 5 devices, generic issues that are device agnostic should be discussed in the main thread.
For full details on where to download / usage and feature set of the tool, visit the main thread at XDA or the project's Github page.
Troubleshooting:
If you need support or assistance, the best way to get is by generating a support file from within PixelFlasher.
You can hit that big Support button on the main screen, or select it from the Help menu.
The generated support.zip file is sanitized (redacted) to keep your sensitive information (username device id ...) private.
Placeholder
Placeholder
Placeholder
just asking if it will work on 4a5g too due to similarities with Pixel5 or not?
creezalird said:
just asking if it will work on 4a5g too due to similarities with Pixel5 or not?
Click to expand...
Click to collapse
Yes it should, although I don't have one and hence I have not tested it, but the program should work for all Pixel phones, and possibly all Google made phones. There is no difference in the process amongst these phones.
New Release: (See full details here on xda or here at github)
April 03, 2022 v2.0.0.0-pre release.
Major refactoring
Added Advanced (Expert) mode UI.
Basic mode keeps UI simple and hides expert features.
Support for setting active slot.
Reboot options (recovery, system, bootloader)
Moved custom ROM options to expert mode.
Added custom flashing to expert mode, can now flash to live (temporary root), or custom flash any image to any partition.
Moved flashing to both slots, disabling verity / verification to expert mode.
Many other improvements, validations and checks.
Updated documentation.
Update:
Version 2.0.1 which includes a hotfix for issue reported here.
New Release:
April 06, 2022 v2.1.0 release
Setup dedicated profile directory.
Put logs in the profile directory and maintain log history.
Plumbing for Linux support (just the flashing part is left to do).
Plumbing for new workflow.
Bugfix to handle name conflict in ROM filename.
Various minor improvements.
Update documentation.
New release:
April 10, 2022 v2.2.0 release
Linux support.
Remember last window position.
List Magisk modules, when Magisk is detected.
Added fastboot verbose option.
Added more checks and validations.
Added more details when errors are encountered.
Cleaner message box (better formatting).
Notice to the user in case fastboot drivers are not setup properly.
More plumbing work for the new upcoming workflow.
Add notes on how to build the Linux version.
New release:
April 11, 2022 v2.2.2 release
Linux Improvements, warn user if selected SDK is old.
New Release:
April 19, 2022 v2.4.0 release
Magisk modules management, enable / disable modules selectively, this comes in handy to disable suspect modules before an upgrade.
Autoscroll the console.
Code cleanup.
April 17, 2022 v2.3.0 release
Optional automatic check for updates feature.
Added help menu links to:
- Report an issue
- Feature Request
- PixelFlasher Project Page
- PixelFlasher Community (Forum)
- Homeboy76's Guide
- V0latyle's Guide
- Open Configuration Folder
- Check for New Version
Icons for menu items.
Link to download Pixel Firmware.
Link to download Android Platform Tools.
Unlock Bootloader.
Lock Bootloader.
SOS (experimental) - disable Magisk modules to get out of bootloop.
Additional flashing options:
- product
- system
- system_ext
- system_other
- vbmeta_system
- vbmeta_vendor
Added sideload flashing option.
Updated documentation.
Further improved console messages for troubleshooting.
Linux build using Github Actions.
Manual build for Kali Linux.
Bug fix release:
April 20, 2022 v2.4.1 release
Bug Fixes: Error message during flashing, introduced by code reshuffle.
It turns out that some Magisk Modules don't set the id, which was expected to be present, which caused Magisk module management screen not to display.
New Release:
April 30, 2022 v3.0.0 release
New workflow, no more package preparation, select options and flash all dynamic.
boot.img caching and management UI with details about the state of boot.img files.
Faster as there is no more need to zip a package.
Other optimizations and improvements.
Update documentation.
Check the main thread or the Github page for details about the new workflow, hope you find it useful.
New Release
May 02, 2022 v3.1.0 release
Fixed a missing step in the final flashing of boot.img
Decoupled Firmware / ROM processing from selecting the files, now we have a separate button to process, makes it clearer and does not give the impression that selecting the file is hanging.
Added splash screen (v3.0.1), the GUI refresh hiccup is gone.
Made the boot.img management delete function more extensive.
I flashed my phone with the May drop using this version.
badabing2003 said:
New Release
May 02, 2022 v3.1.0 release
Fixed a missing step in the final flashing of boot.img
Decoupled Firmware / ROM processing from selecting the files, now we have a separate button to process, makes it clearer and does not give the impression that selecting the file is hanging.
Added splash screen (v3.0.1), the GUI refresh hiccup is gone.
Made the boot.img management delete function more extensive.
I flashed my phone with the May drop using this version.
Click to expand...
Click to collapse
I would like to make a request for your tool if that's ok could you give the option to open up diag for the Pixel 5?
elong7681 said:
I would like to make a request for your tool if that's ok could you give the option to open up diag for the Pixel 5?
Click to expand...
Click to collapse
what is diag?
what Am I going to open?
badabing2003 said:
what is diag?
what Am I going to open?
Click to expand...
Click to collapse
Diag port for using QPST from Qualcomm
elong7681 said:
Diag port for using QPST from Qualcomm
Click to expand...
Click to collapse
Is this what you want?
Code:
adb shell "su -c 'setprop sys.usb.config diag,adb'"
just type this and see if it works, if it does, very easy to add.
I don't have a Qualcomm device to test with
badabing2003 said:
Is this what you want?
Code:
adb shell "su -c 'setprop sys.usb.config diag,adb'"
just type this and see if it works, if it does, very easy to add.
I don't have a Qualcomm device to test with
Click to expand...
Click to collapse
Code:
adb shell
su
resetprop ro.bootmode usbradio
resetprop ro.build.type userdebug
setprop sys.usb.config diag,diag_mdm,adb
diag_mdlog
cancel (ctrl+c) once it starts to "hang" at failed to open diag socket
change usb config (file transfer, no file transfer)
This is how it is done for the Pixel 5