The announcement of Android 4.3 last month may have disappointed some people in terms of lacking the usual fireworks, but there was a change that caught some developers by surprise: the inclusion of SELinux as Android’s security system. This seemingly small change has caused many an Android geek to worry not exactly about security but about the ability to gain privileged access in the future. The summary of it is that we’ll still be getting root, but getting there will be different.
SELinux is a security system that goes beyond the simple “normal user vs. root user” of a Linux-based system. It offers fine grained control on who can do what. In previous Android versions, a process can simply be launched as root and it will have power to do anything. With the new system, you can still launch a process as root, but it will practically be able to do nothing except what SELinux allows it to do and nothing more.
Two possible ways are currently being investigated to get around this. The first is simple but also tedious. It involves connecting the device to a computer and using the command line to run commands as root using adb, the Android Debug Bridge. This has worked before for developers and will continue to work in the future. But it’s also inconvenient, as you need to always be connected to a computer. Not to mention always having to type commands for every task.
The second way resembles the normal root access but is also the most debated method. This way requires use of a su (super user) daemon, a process that is started up when the Android is started, sits quietly in the background while waiting for it to be called, does its job and then goes back to sitting in the dark. Sounds convenient, right?
The problem is that, as mentioned, the su daemon needs to run when Android is started. And to do this, you need a modified boot image, and there lies the problem. A modified boot image can only be acquired by flashing a custom firmware, something like CyanogenMod. This poses a potential problem for users of “Stock” Android systems, who currently use nothing more than a rooting app.
It is still not clear whether Google, who is definitely aware of the strong rooting culture in the Android community, is planning to do anything to improve the situation. But as things stand and for the future, gaining root access might require flashing custom firmware.
0 comments:
Post a Comment