Shared publicly  - 
Next Android version: even more breakage

A while ago, I already reported on the state of AOSP and its repercussions for root apps -

With 4.4.3 (or 4.5, or ...) expected to be released very soon, it was time to take another look at the state of AOSP, and it appears there are changes aplenty! Of course, current AOSP is not the same as stock 4.4.3, so some things may yet change - though I don't really expect them to.


Let's get this out of the way first - I have built a new version of SuperSU (v1.97) with all the massive changes required to work on the latest AOSP builds. It is linked in the box below, or you can click here -

I am not spreading this version through Play just yet, but I encourage all tech-savvy users to give it a shot and report back issues, not just for AOSP builds but also for older common firmwares.

I have tested this build on over a dozen devices running various Android revisions in various states, and it all worked for me. The first rule of Android development thus guarantees that there will be a lot of breakage and it will crash for absolutely everyone - so don't forget to report those problems.

The XDA thread for SuperSU can be found here - - and is the preferred location for feedback. G+ comments do not work as well for bug reports.

Of course, my How-To SU guide - - has also been updated with the changes, and aside from the rest of this post, I would urge every developer to re-read the SELinux section.

SELinux on steroids

In my previous post on this subject, I already mentioned the need for root apps to switch contexts for certain situations. The method I used then no longer works on AOSP (it was already broken on Samsung's latest 4.4 stock firmwares as well), but the relevant code for the -cn/--context su parameter has been replaced with a version that does work again - and is much, much more complex.

Context switching is becoming much more important for root apps, as SELinux policies have been made significantly more secure. For example, executing code in /data as root doesn't work in the default context, and calling Java-based code (like 'am' and 'pm') should no longer be done from the default context either, as things will break in new and exciting ways; apps contacting daemons using sockets as IPC mechanism no longer work out-of-the-box; the list goes on - the How-To SU guide has details on these issues and on how to switch contexts to solve them.

Thanks to these changes, SuperSU has gained some more binaries in its installation, so if you are doing custom ROMs with integrated SuperSU, be sure to look at the new flashable ZIP and copy the changes/additions.

Additionally, the SuperSU daemon now must run as the init context (not the init_shell or whatever context), or things will not work correctly. This was always the way it was meant to be, but I know this is not the case on some custom ROMs.


It seems ART is now the default setting in AOSP. It remains to be seen if that is carried over to production firmwares, but it creates some issues for root apps.

Above I detailed the need to call Java-based code like 'am' and 'pm' from a different context. Of course, existing root apps don't yet do this. If you're running Dalvik, some of the 'am' and 'pm' options still work without issue, and some simply don't work at all. If you're running ART though, the combination of SELinux restrictions and the immaturity of ART can cause crashes that take down the entire system.

That's right - the wrong call to for example 'am' will crash Android entirely and ultimately lead to a reboot. Not to mention that it will then also have to re-optimize all the packages (snore). Maybe this will be fixed before official release of 4.4.3, but I wouldn't count on it, as these crashes never happen outside of root apps.

As such, I would advise early adopters of root apps on 4.4.3 to run Dalvik for the moment, and for developers to make haste testing with ART on current AOSP builds.


It also appears PIE (Position-Independent Executable) is now a requirement. Non-statically built executables must be PIE, or they will not run at all (even if switched to the right context).

PIE has been supported since Android 4.1. So this means that if you are not using statically built executables, you need to provide a PIE and a non-PIE version if you want to support both pre-4.1 and post-4.4.2.

Note that the NDK's's APP_PIE option can be used to enable building your executable as a PIE.

For a lot of root apps this is not a problem, as they come with statically linked executables (if any), which still work. But some apps will definitely choke on this.


This version of SuperSU took quite a bit longer to update than I had expected. For most apps, work-arounds (if needed) will not be very complicated. Unfortunately, most of the simple work-arounds were not viable for SuperSU and all it's edge cases - they would seem to mostly work, but then I'd run into a needed case where it didn't - repeatedly. Granted, I didn't know that much about SELinux when I started out - and now I feel I know more about it than any sane person could want ... live and learn!

Either way, these additional changes made in AOSP since the last time I looked mean that a lot more root apps will need updating than I initially thought - still by no means all of them, but certainly a lot of them.

Let's get to it!
Full firmware flashing straight from the device itself and ROOT in the process ! Never be without ROOT again ! SuperSU. The best Superuser access management available ! DSLR Controller. Control your Canon EOS DSLR from your phone ! PerfMon. The Performance Monitor that floats on top of all your ...
adam elliott's profile photojunaid abbas's profile photo요한ll ll이's profile photoChainfire's profile photo
Thanks for all of your great work. Flashing v. 1.97 on my Gnex right now
Isn't 4.4.3 already out? You are talking about 4.5 right?
+Allen Edmonds i thought it went live for Nexus 5 the very next day 4.4.2 came out for it. Some people even joked Google was doing nightlies now. Hahahahaha.
Could I flash it on aosp 4.4. 2? Or must to wait for 4.4.3 imperative? 
+john hallanger

I'm afraid of! ! Are you sure? Really

sounds like xposed framework will cause headaches in android 4.5 
I'm guessing a lot of AOSP master commits won't show up in 4.4.3, but will show up in a future release.
+Daniela Okafor ya hence I probably won't be rooting my s5 until new Android is out and released by Samsung 
I got a feeling if 64bit doesn't come out with but Android version. Would be the one after and that would change things up entirely! 
Thank u so much for making this so easy and convenient for nooks like me. Don't know what I would do without you.
This is why people should buy the SuperSU Donation package.  The next Android release issues with su are mostly solved before it's even released.  Thanks Chainfire :)
+Naitch35 no it bootlooped here at boot animation , I gave it 10min that's plenty of time . cool it didn't for u but it did here . nexus 5 stock ROM , elementalx, xposed . had to restore back up to get working , not even dirty flash wouldn't bring back. I'll try agn later 
Installed on Note 3 N900A (Att) running Dynamic Kat 4.4.2. Rooted of course. No issues booting FYI. apps refreshed for a few seconds and all is well so far.
+Naitch35 ya it became habit long time ago , 2 many times I kicked myself for not spending the 5 min to backup and thats always when something go's wrong ;P 
This is great info and thanks for sharing. That said, I'm just a user (now) and wanna scream from the hilltops how much you are appreciated. 
Installed on Note 3 running CivZ_FlexKat REv 2.8 with 3.4.39-SneakyKat-Rev 1.8- 4.4.2. No issues, many thx dude.
Sway La
Chainfire is AMAZING. I went pro with this app the minute I read the full description....... best money I ever spent!!!!! Thank you so much 
Я уже как месяц им пользуюсь Update скачал,и никаких проблем.Скачивал с XDA,спасибо им большое.Аминь.
Josh C
You're a wizard.
Josh C
+Sajador Skolotaié i don't have any complains about KitKat , in fact it is the most supported Android version i've saw before , it currently has like 10 roms already including CyanogenMod , and it's not slow it's preety fast
Yue Ma
I couldn't flash it on my Nexus 7 2013 running stock 4.4.2, while I did it successfully on my Nexus 4.
An approach I've been taking is to app_process my own apk and run a Main class. No need for binaries.
Я русский,и по английски no tolk.Но SuperSu-это 5+.Мой Samsung Ace Duos GT-S6802 and Alcatel One Touch все на нем.Пользуюсь Tы красава,успехов тебе!
Kept root on my Gnex running PA Beta4, Android 4.4.2. Running flawlessly
Ks Burn
Flash SuperSu (1.97)with CWM.. note 3 LTE custom rom issue...thanks +Chainfire..☆☆☆☆☆
Josh C
You solved me a ton of problems with CyanogenMod , thanks for the update
As I said already on another thread: for some people it would be useful if the donation package would be available through the amazon app store. While some people got Amazon Coins and would love to spend them for this. :-)
+Koushik Dutta I've been doing that for a small number of apps as well. It's a neat solution, but not a viable one for every situation/app. Still, you might need to switch contexts beforehand to prevent issues...

+Christian Koch Amazon is being annoying for me as they don't have a presence in my country yet. Perhaps in the future.
Want to update to new SuperSU but really dont want to get stuck In a bootloop mentioned in comments above..Note 3 n900t running X-Note v13 international with CivZ SnapKat kernel & newest Twrp..was reading on xda about restore issues with Twrp & im pretty scared to try a restore...anyone have a hltetmo with Twrp having issues with backup & restore? Any feedback would be greatly appreciated
I also lost root in N7.2 (deb) with v1.97, but v1.99 works just fine.
1.99 booted just fine no root loss or issues atm . im on stock with xposed and Gbox, elementalx kernel .... Couldn't get 1.97 to boot didn't try 1.98 
I'm looking for any experiences of using Survival Mode, going from JB to KK, specifically, 4.1.2 to 4.4.2. I have read root will survive this update, however, will lose R/W capability...can anyone confirm this, or otherwise?
SuperSu 1.99 install successfully on my MTK 6572 based 4.2.2 stock rom, via cwm . but always request to update su binary on every launch.
Genius ,if the rest of app devs would follow we could see a more efficient running root apks that run or can run executables and or change default values
Great but you have to add a new version for samsung galaxy beam