Android Rooting (not) possible without upstream OEM Dev tools now?
As stated in the title. Like seriously? I am probably *very* late to the party, but if what I am realizing is true then “rooting” as it existed is dead and that is terrible. Hear me out:
So I haven’t found a need to root in a LONG time, and I haven’t bought any type of modern Android device for a while. Except for my most recent phone where the company no longer gives out bootloader codes, everything I had was old enough that I could probably root it. I’ve flashed more modern versions of Android to them and I was ok with that. I always just did it for fun and ROM hopping.
So having learned much, much more from when I used to root, to now, where I am more comfortable trying to modify files and dump files myself, I get hold of a Marshmallow tablet from a family member that I started poking at. My thought was I’d get root, clean up the bloatware from this thing a bit, port a custom recovery and dump everything and compile a more recent version of Android and flash it. This is important: it’s not a major brand-name tablet, like a Samsung or LG or something. It is a rebranded Digiland tablet that is sold as an “Insignia machine” at Best Buy stores I think. I’m well aware that this would be a machine no one would have bothered porting. I was not looking for anyone else’s tools. I knew I would be the one to have to do this. Off-brand machines were still ported (when I used to root) because the system files could still be dumped manually (basically, what allowed the explosion of the BLU/chinaphone modding scene). I thought this was a no-brainer, and boy was I wrong.
The bootloader unlocks as expected and I start poking around with ADB. Security patch is before 2017 so I compile dirtyc0w and it works. Cool. Let’s find boot, recovery and system because this is not an A/B device. I’d save myself some time and just let Magisk patch my recovery, flash it, and call it a day. From here, get a proper system explorer working, find the directories I want, then dump them with dd or something if this thing comes with toybox/busybox.
First red flag was the binaries in the toybox toolkit that was pre-installed did not work in my shell on certain directories. Okay, just maybe flip the SELinux bit. Now I see it still doesn’t work. [Watched](https://www.youtube.com/watch?v=x6hdmpm7AMY) an SELinux refresher, and the usual googling, and find [this](https://android.stackexchange.com/questions/213167/how-magisk-works).
So SELinux apparently lives in boot now and is part of init.d. There’s no way to catch the sepolicy rules before boot to modify it before breaking Android’s “chain of trust”, which will hard brick a device because the default behavior is “do not boot”. At this point I have accepted that the device I had a hold of would not be rootable. But then I realized something much worse about rooting in general now…
This is Magisk’s linchpin; you need to have access to a boot/recovery image that is bundled in the .bin files of the OTA updates delivered to A/B devices… because you can’t rip your own anymore.
The thing is, lots of OEMs still don’t provide OEM updates. I get the intent of Treble and the idea that this would facilitate less fracturing and make it easier to ship updates… but that still means an OEM would have to want to do that, and if their product portfolio is fractured across specs and hardware, even minor changes such as a mid-range device having a one-band antenna or a cheaper-specced RAM SMB or one less module, good luck getting those updates on anything that’s not a flagship. Not all companies have GitHub repos like Motorola and Samsung with device trees and archives of OTA files, and from a dev perspective, do they want to support ALL those device trees? With the lack of device support in mind, this leads me to another issue.
We haven’t had Treble for 3 years yet and for my handset, even though it is no longer supported by the company, I can’t get a bootloader key, which presents an OEM issue. I get the SELinux enforcement; with the advent of an exploit like dirtyc0w, the state of SELinux shipping as permissive or partially enforced at that time, and the creation of “wireless adb”, it was the perfect storm; but given the nature of rooting moving forward with modern devices, I think it’s inexcusable to make users register for a bootloader key. It requires physical access to unlock a bootloader, and if a manufacturer’s dev server updates to no longer serve that device, you’re out of luck. If you have SELinux AND chain of trust in place, what use is a bootloader key really? It seems useless because of the redundancy chain of trust provides; if you were not meant to alter that chain in any way, why make the bootloader unlockable to begin with?
Learning all this I feel like the hardware hacking scene has sailed for Android; everything worth hacking on Android is just a web app now; phones are just a terminal to a service’s mainframe. When those libraries get updated and it is pushed that those libraries are not gonna be authorized to run, you can’t even tell the phone to authorize those libraries to use it; you can’t go into SELinux and change app policy.
The dev scene shouldn’t be pay to play either; why do I need to buy a flagship within the active development window at full price if I want to do any development deeper than the app level? Short of the Pixel environment, where you can get decent devices that are sub $500, how would you get “developer” experience on the system level for Android in something like Samsung’s ROM environment, short of working for Samsung? They structure it differently than what ships on a Pixel or a stock/Google zero device. On top of that, the notion of purchasing a flagship is to get the greatest, most feature-rich experience that vendor has to offer; what incentive do you have to develop for that platform if the OEM has already jam-packed it with so much the average user would want? No wonder everything short of a flagship in the past 5 years runs like shit as stock; there’s no one working on mid-range anymore; it’s harder to get access to a dev kit for these handsets. If the whole OS is rewritten to rely on vendors providing binaries to the public rather than letting you rip your own if you took it upon yourself, that’s telling everyone you want these devices to stay like this and run like crap. Hardware in the embedded space is more durable than most give credit to; it’s the software that ruins this experience in the end.
I think what’s irking me is that Treble was proposed and advertised as intended to make modding easy, albeit with caveats placed on the OEM manufacturers, but other concurrent actions killed it.
TL;DR: old-time rooter/modder learns SELinux makes rooting dependent on developer tools and file repos that mostly only exist for flagships that you need to buy and unlock before their MSRP deflates and they are no longer a supported product; no more mid-range modding to edge out some extra performance or add software-based features of your own. It’s almost like a ton of shitty Android junk in the near future is “planned” to exist or something. I think this is a bad precedent set chasing the coattails of Apple, and Android’s market share is gonna make tons of e-waste incomparable to Apple’s footprint.
Rooting as I’ve known it is dead, no wonder I go on XDA now and it reads like Android Central.
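The post establishes the device's posture by hand (patch level before 2017, non-A/B layout, unlocked bootloader, chain of trust). Below is an added example, not code from the post, that reads `adb shell getprop` style text and reports the same facts from the system properties; the `prop`, `assess` and `risk_count` names and both property dumps are constructed for this example.

```shell
# Reads getprop text ("[name]: [value]" per line) and reports patch level vs.
# the 2017 cut-off, A/B vs. legacy layout, verified-boot and lock state.
# Real use: assess "$(adb shell getprop)". Samples at the bottom are constructed.

# prop NAME: value of one property from getprop text on stdin
prop() { sed -n "s/^\[$1\]: \[\(.*\)\]\$/\1/p"; }

# assess PROPS: prints one "RISK:" or "INFO:" line per check, returns 0
assess() {
    props=$1
    p() { printf '%s\n' "$props" | prop "$1"; }
    patch=$(p ro.build.version.security_patch)
    slot=$(p ro.boot.slot_suffix)
    vbstate=$(p ro.boot.verifiedbootstate)
    locked=$(p ro.boot.flash.locked)
    # patch level is YYYY-MM-DD; the year alone decides the post's 2017 cut-off
    if [ -z "$patch" ]; then
        echo "RISK: no security patch level reported"
    elif [ "${patch%%-*}" -lt 2017 ]; then
        echo "RISK: patch level $patch predates 2017 (Dirty COW era kernel)"
    else
        echo "INFO: patch level $patch"
    fi
    if [ -n "$slot" ]; then
        echo "INFO: A/B device, active slot $slot; boot/recovery ship in the OTA payload"
    else
        echo "INFO: legacy layout, separate boot/recovery/system partitions"
    fi
    # green = locked and verified, orange = unlocked, yellow = custom key, red = failed
    case "$vbstate" in
        green) echo "INFO: verified boot state green" ;;
        "")    echo "RISK: verified boot state not reported" ;;
        *)     echo "RISK: verified boot state $vbstate, chain of trust not intact" ;;
    esac
    if [ "$locked" = 1 ]; then echo "INFO: bootloader locked"
    else echo "RISK: bootloader unlocked or lock state unknown"; fi
}

# risk_count PROPS: number of RISK lines as a plain number
risk_count() { assess "$1" | grep -c '^RISK:' || true; }

# constructed sample resembling the post's unlocked, non-A/B Marshmallow tablet
SAMPLE_OLD='[ro.build.version.security_patch]: [2016-09-01]
[ro.boot.verifiedbootstate]: [orange]
[ro.boot.flash.locked]: [0]'
# constructed sample resembling a current, locked A/B handset
SAMPLE_NEW='[ro.build.version.security_patch]: [2021-03-05]
[ro.boot.slot_suffix]: [_a]
[ro.boot.verifiedbootstate]: [green]
[ro.boot.flash.locked]: [1]'
```

Property names here are the standard Android ones; devices that strip or rename them show up as "not reported" rather than as a clean result.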