Part 2

How to SU from a Dev’s perspective (SELinux context)

Master su.c vs. 4.2.2 su.c vs. community su

In 4.3

3 changes to zygote

  1. Remounted the partition nosuid, which forced the daemonization of su.
  2. No new privs on 3.5 and later kernels. NO_NEW_PRIVS will refuse to exec su. Backported to the 3.4 kernel on specific Android devices.
  3. Capability bounding set (read the docs).

In 4.4 onwards, SELinux added additional enforcement.

Socketization for proxying su calls

Koush SuperSU —

Supervisor program.

Daemonization and socketization:

Part 3:

Rooting process — exploit that elevates privs to remount sys partition

While researching public material on this topic, I found a lot of very disparate resources that talk about root, but none of them were consolidated. I’ll try to illustrate how root on Android works. Before we get into the details, we must understand some underlying basics.

The Builds:

AOSP (Android Open Source Project) comes with 3 specific make configurations, viz:

  • This is the build that’s primarily used for developing Android.
  • This build comes with su binary and adb enabled by default.
  • The su binary in this build is only accessible by certain uid (More on this later)
  • SELinux can be…

西府咪 or XifuMi

An Introduction:

Voices from the Western House
An objective analysis of many things Computer Security, esp. Android, coming from the West.

Though 西府咪 is a nonsensical word (rather, it doesn’t make any sense to a native Chinese reader), it’s an admixture of a nickname I was given by my colleagues. I’m often called 西服, which could be translated as Western House or House of the West. 咪 means microphone, so by combining the two I’m trying to say this blog is Voices from the Western House.


Most of the topics in this blog…


This persona is technically unemployed hence is not supposed to be a corporate mouthpiece. Android Malware specialist, computer security generalist.
