How does su work on android? And what are the pre-requisites for it to work? What is rooting on Android?

StackOverflow https://stackoverflow.com/questions/10028032

29-05-2021

Question

Possible Duplicate: what does the su mean: process = Runtime.getRuntime().exec("su");

I am tired of trying all the different things, yet I am still unsuccessful in understanding when su will work. What is rooting a device in Android? Someone please, please help me with this.

I replied to the following question. I tested the solution I posted there, and it worked.

Adding full permission for a image file in android.

Here is my question :

I tried the following.

  • Copied su.
  • Installed SuperUser.apk.
  • From the program I called su and then, using the newly created process, I performed the required operations.

This has 2 results.

1) When the device is rooted (for example, by executing the Permanent root option in z4root), it works: it changes the system file permissions.

2) When the device is not rooted, it does not work.

Kindly explain what extra thing z4root performs that makes the task possible. Please explain in brief.

Let me know if my question is not clear. Thanks a ton.


Solution

What z4root (or any other rooting program) does is run some exploit to change its own uid (user id) to 0 (root). You can think of it as performing some kind of hack and tricking the kernel into thinking it actually has the right to be root (so if z4root were a virus it could do anything to your phone, from installing keyloggers to bricking it). Of course, if it is possible to trick the kernel in such a way as to give you root access, it is considered a security vulnerability (any app could do that and perform some malicious stuff) and usually gets fixed in future kernel updates (that's why z4root may not work if you upgrade your firmware).

When z4root has set its uid to 0 it does the following: remounts the /system partition as writable (by default it's read-only), copies over the su binary, Superuser.apk and busybox, and then remounts /system back as read-only.

So how does the su binary give you root access without doing "the hack" thing, when normally applications have the same uid as the parent process? This is because the su binary has the set-uid flag set and is always run as uid 0 (root).

Now, if you have copied the su binary over to /system/bin then you must have had root access, which means you just forgot to change the owner/permissions (chown root:root /system/bin/su; chmod 6755 /system/bin/su), but you still need root access to do that.
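As an added example (not code from the question or the answer above), the Python below interprets a file's mode and owner the way the answer describes: the set-uid bit only yields root when the file is owned by uid 0, so a copied su without chown root:root and chmod 6755 runs as the caller. The function names (classify, classify_file, find_setuid_root) and the sample values in the comments are assumptions for illustration; it is the sort of check a defender runs over /system/bin or /system/xbin (or an extracted system image) to find set-uid-root binaries.

```python
import os
import stat
from typing import NamedTuple


class SetuidReport(NamedTuple):
    path: str
    owner_uid: int
    mode: int           # permission bits only, e.g. 0o6755
    setuid: bool        # S_ISUID set
    setgid: bool        # S_ISGID set
    runs_as_root: bool  # regular file, set-uid bit set, AND owned by uid 0


def classify(path: str, st_mode: int, owner_uid: int) -> SetuidReport:
    """Interpret st_mode/st_uid the way exec() does: the set-uid bit makes the
    effective uid equal to the file owner's uid, which is root only if that
    owner is uid 0. 0o100755 owned by 0 -> not root; 0o106755 owned by 0 -> root."""
    perm = stat.S_IMODE(st_mode)                    # strip the file-type bits
    setuid = bool(perm & stat.S_ISUID)
    setgid = bool(perm & stat.S_ISGID)
    as_root = setuid and owner_uid == 0 and stat.S_ISREG(st_mode)
    return SetuidReport(path, owner_uid, perm, setuid, setgid, as_root)


def classify_file(path: str) -> SetuidReport:
    """Classify a real file on disk (does not follow symlinks)."""
    st = os.lstat(path)
    return classify(path, st.st_mode, st.st_uid)


def find_setuid_root(directory: str) -> list:
    """Walk a directory tree and return every file that would execute as root.
    Symlinks are skipped so a link cannot pull in files outside the tree."""
    hits = []
    for dirpath, _dirs, files in os.walk(directory):
        for name in files:
            p = os.path.join(dirpath, name)
            try:
                st = os.lstat(p)
            except OSError:
                continue                            # unreadable entry: skip, don't crash
            if stat.S_ISLNK(st.st_mode):
                continue
            report = classify(p, st.st_mode, st.st_uid)
            if report.runs_as_root:
                hits.append(report)
    return hits


if __name__ == "__main__":
    import sys
    for r in find_setuid_root(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{r.path}: owner uid {r.owner_uid}, mode {r.mode:o}")
```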

Other tips

When you root a device you overwrite or modify the OS image in the ROM to give you elevated permissions. Installing applications in user mode cannot possibly give you a privilege escalation in any version of Linux anywhere. If any user could make themselves root by "copying su" there would be no such thing as security.

I'm not sure what you're asking, but it seems a simple thing. You're trying to become "super user", or do stuff with superuser rights. You can only do this if you have the actual rights to do so, given to the user-account currently running on your device. Normally you don't have that right.

Keep in mind that "superuser" is the same as "root".

  • If you "root" your device it means you give yourself the right to become superuser. You can do stuff that requires you to be super user: "su" is one of those commands, as it says "log me in as superuser". You obviously need superuser permissions to become that user.
  • If you haven't rooted the device, you don't have the rights to do the stuff superuser can. So calling su won't work.

So you can only do root stuff if you've rooted your device.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow