Android L is for "Lockdown"

Lith1um

Chainfire made an interesting post on his Google+ page. Lollipop looks like it will make android more secure, which will probably be good for enterprise, but make life difficult for customers of some carriers that want to root their devices.

I can see this leading to some pissed off consumers, and an eventual "push back" in the form of a class action lawsuit brought against the carriers over their canned bloatware apps and things like precanned browser bookmarks that cannot be deleted. People are tired of corporations shoving bloat and spam down their throats.


https://plus.google.com/+Chainfire/posts/VxjfYJnZAXP

Chainfire
Shared publicly - Oct 19, 2014


On LPX13D, SELinux, and root

As promised, here are some more details about the current situation.

Why it breaks

Google has really put some effort into better securing Android, and we've seen a lot of SELinux related commits to the AOSP tree over the past months. There is some disconnect between the AOSP tree and actual L preview builds, some things from AOSP are not in the L preview build, and vice versa. Ultimately, it's a pretty good bet these things will mostly align, though.

On most devices and firmwares, SuperSU's daemon is started by the install-recovery.sh service script that runs at system boot time, as user root with the init context. This is what the daemon needs to function.

Recently, they've started requiring all started services to run in their own SELinux context, instead of init. Developers and security guys following AOSP have known this was coming; AOSP builds have been logging complaints about this specific service not having its own context for a while now.

Now this script runs as root, but as the install_recovery context, which breaks SuperSU's operation, as it is a very restrictive context.

In the last AOSP build I have tried (a few weeks old), there were a fair number of other holes that we could use to launch the daemon. At first glance(!), it seems those have all been closed. An impressive feat by the guys working on this, if it proves true.

How to fix it

To fix root, all that really had to be done was ensure the daemon's startup script is run at boot as the root user with the init context.

There are multiple ways to do this, but unfortunately for now it seems that it does require a modified kernel package (changing the ramdisk).

In the modified kernel packages I've posted for the Nexus 5 and Nexus 7, the daemon's startup is fixed by commenting out the line in init.rc that forces the install-recovery.sh script to run as the install_recovery context, so now it runs as init again, and all is well.

Repercussions

As stated above, it seems for now that modifications to the kernel package are required to have root, we cannot attain it with only modifications to the system partition.

Combine that with a locked bootloader (and optionally dm-verity) and a device becomes nigh unrootable - exactly as intended by the security guys.

Exploit-based roots are already harder to do thanks to SELinux, and now because of the kernel requirements for persistent root, these exploits will need to be run at every boot. Exploits that make the system unstable (as many do) are thus out as well.

Of course, this is all dependent on OEMs implementing everything exactly right. If a certain OEM doesn't protect one of their services correctly, then we can leverage that to launch the daemon without kernel modifications. While I'm fairly certain this will be the case for a bunch of devices and firmwares, especially the earlier L firmwares, this is not something you should expect or base decisions on. It is now thus more important than ever to buy unlocked devices if you want root.

It might also mean that every firmware update will require re-rooting, and OTA survival mode will be broken. For many (but far from all) devices we can probably automate patching the kernel package right in the SuperSU installer ZIP. We can try to keep it relatively easy, but updating stock firmwares while maintaining root is probably not going to work as easy and fast as it did until now.

Apps need updates

Unsurprisingly, with a new major Android release, apps will need updates. None more so than apps that go beyond the Android API, as root apps do, but even some non-root apps will be affected by the security changes.

As one example, someone posted in the SuperSU thread of a kernel flashing app that didn't work. From the logcat you could see that it was looking for partitions in /dev/block from its normal non-root user and non-init context. That used to be possible, but now it is restricted: normal apps no longer have read access there.

The solution for that app is actually quite simple: list the /dev/block contents using root instead. But simple solution or not, the app will still need to be updated.

By far most root apps should be updateable for L without too much issue. There are indeed exceptions that will need some special care, but those are rare.

Permissive vs enforcing

The kernel packages I posted for the Nexus 5 and 7 LPX13D firmware keep SELinux mostly set to enforcing. I say mostly, because SuperSU actually switches a small part of the system to permissive, so apps calling su can do most things without much interference. The details on this are lengthy (yes, your apps will be able to modify policies as well if needed, which should be rare), and I will document these for other developers after L retail release, assuming it will all still work at that time.

Alternatively, you can set the whole system to permissive or otherwise disable SELinux. There are other kernel packages released that indeed do this. The advantage here is that it instantly fixes some apps' issues, as the SELinux based restrictions have all gone the way of the dodo. The disadvantage here is that you've just shut down a major part of the security system of the device.

Some would argue that a device with an unlocked bootloader, root, encrypted modem firmwares of which nobody really knows what they're doing, etc, is inherently insecure, and thus disabling SELinux doesn't make much difference.

I personally disagree with this. While I do agree that these things weaken security down from the ideal level, I would still not disable more security features than I absolutely need to. Just because you cannot eliminate all attack vectors, is no reason to just completely give up on defending against them.

It is of course your own choice if you want to run a permissive system or not. I will strive to keep everything working in enforcing mode though, and I hope other root app developers will do the same - as stated earlier in the post, I believe this is still possible.

(everything in this post is subject to change for retail L release, obviously)
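
The check below is an added example, not part of the original post and not SuperSU or AOSP code. It audits an init.rc for the condition the post describes: services that declare no `seclabel` of their own, or whose `seclabel` line has been commented out as in the modified ramdisks. The sample file is constructed, and the service name `flash_recovery` is an assumption; a missing `seclabel` is only a candidate finding, because policy-defined domain transitions can still move a service out of the init context.

```python
import re

# Constructed sample in Android init.rc syntax (not from a real device image).
# The service name "flash_recovery" is assumed for illustration; the script
# path and the install_recovery context are the ones named in the post.
SAMPLE_INIT_RC = """\
on boot
    class_start main

service example_daemon /system/bin/example_daemon
    class main
    user system
    seclabel u:r:example_daemon:s0

service flash_recovery /system/bin/install-recovery.sh
    class main
    # seclabel u:r:install_recovery:s0
    oneshot

service legacy_helper /system/bin/legacy_helper
    class late_start
"""

COMMENTED_SECLABEL = re.compile(r"#\s*seclabel\s+(\S+)")


def parse_services(text):
    """Map service name -> executable, active seclabel, commented-out seclabel."""
    services = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = COMMENTED_SECLABEL.match(line)
        if match and current is not None:
            # A disabled seclabel inside a service block is worth reporting.
            current["commented_seclabel"] = match.group(1)
            continue
        if line.startswith("#"):
            continue
        tokens = line.split()
        if tokens[0] == "service" and len(tokens) >= 3:
            current = {"exec": tokens[2], "seclabel": None,
                       "commented_seclabel": None}
            services[tokens[1]] = current
        elif tokens[0] in ("on", "import"):
            current = None  # a new non-service section ends the block
        elif tokens[0] == "seclabel" and current is not None and len(tokens) >= 2:
            current["seclabel"] = tokens[1]
    return services


def audit(text):
    """Return (service, executable, status) tuples in file order."""
    findings = []
    for name, svc in parse_services(text).items():
        if svc["seclabel"]:
            status = "labelled"
        elif svc["commented_seclabel"]:
            status = "seclabel-commented-out"
        else:
            status = "no-seclabel"
        findings.append((name, svc["exec"], status))
    return findings


if __name__ == "__main__":
    for name, exe, status in audit(SAMPLE_INIT_RC):
        print(f"{status:24} {name:16} {exe}")
```
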
 
I doubt much, if anything, will happen. Most users don't root their phone. Yeah, it will affect the nerd community, but the community isn't anything close to a majority.
 
I doubt much, if anything, will happen. Most users don't root their phone. Yeah, it will affect the nerd community, but the community isn't anything close to a majority.

It defeats the purpose of it being an open source software doesn't it?
 
It defeats the purpose of it being an open source software doesn't it?

Unless you're buying a developer phone, you're not buying open source. Buying Samsung, HTC, Moto phones, you're buying the OEM's closed-off version of an open source OS. That's your choice as an informed consumer.

All open source means is that everybody has access to the source code. It doesn't necessarily mean that OEMs are required to provide full access to the code on their implementations of the OS.

If you want true open source, buy a developer phone.
 
It defeats the purpose of it being an open source software doesn't it?

What you buy is not open source, it's based on free, open source code/info from Google. A phone being locked has zero to do with the software from which it originated.
 
Not good news for me as a prospective Droid Turbo buyer ..... I guess that Nexus 6 doesn't look as bad now :/ I just don't want a tablet as a phone....
 
Not good news for me as a prospective Droid Turbo buyer ..... I guess that Nexus 6 doesn't look as bad now :/ I just don't want a tablet as a phone....

You'll get used to it in your hands. It's if you can fit it in your front pocket if you're a person that carries it that way. My Note 3 was huge at first but after some time I couldn't go back to a smaller phone. Still takes up my whole front right pocket though.

I'm probably going with the Nexus 6 myself over the Note 4 unless they come out with a developer edition of it like they did the Note 3. I bought the Verizon Note 3 before I knew about the developer edition version of the phone, and nope, never again. There is just too much shit installed on it (I can't take off), it's ridiculous.
 
I've heard a truism for Android: it's open for manufacturers, open for carriers, closed for you.

That's not completely true, of course, but it illustrates one of the problems with Google's conventional attitude toward its code: because it lets companies lock Android down, this isn't really an open source operating system in practice. It merely gives you more flexibility if and when your OEM/carrier allow it. Ironically, there are times when iPhone and Windows Phone users have more flexibility, simply because Apple and Microsoft are stricter about what carriers (and with Windows Phone, OEMs) are allowed to do.
 
I've heard a truism for Android: it's open for manufacturers, open for carriers, closed for you.

That's not completely true, of course, but it illustrates one of the problems with Google's conventional attitude toward its code: because it lets companies lock Android down, this isn't really an open source operating system in practice. It merely gives you more flexibility if and when your OEM/carrier allow it. Ironically, there are times when iPhone and Windows Phone users have more flexibility, simply because Apple and Microsoft are stricter about what carriers (and with Windows Phone, OEMs) are allowed to do.

This has nothing to do with how open source the OS is. The OS is absolutely still open source. An open source OS does not mean that you are getting open hardware, that is a different beast entirely and the two should not be conflated.
 
Reasons to buy a Nexus...+1


Not-unlockable bootloader now means you are stuck with a forever stock forever non-adblockable ad server of a phone.
 
No comment, except what they did with SD cards in Kit Kat was horrible. I can't even tell if their excuse for that is legit or not.
 
Seems like the whole OS regresses a lot in many areas with each update. Upgrading involves a compromise.
 
Seems like the whole OS regresses a lot in many areas with each update. Upgrading involves a compromise.

The browser is a perfect example of a step back followed by another step back. First they killed browser quick controls, then they killed text reflow. Seriously, Google has jumped the shark.

Thank god there are good rom developers out there.
 
I hope android locks down android for good. You don't need root to use an android phone.
 
You're correct, no one needs to. It sure does allow for a lot of cool developments on a phone though.

I mean who doesn't want to pay $100 monthly to have an ad server eating into their data allotment
 
This has nothing to do with how open source the OS is. The OS is absolutely still open source. An open source OS does not mean that you are getting open hardware, that is a different beast entirely and the two should not be conflated.

It absolutely does. There's theoretical freedom, and then there's real freedom. Saying "it's open source!" means nothing if all the good stuff requires the same sort of closed code that you'd get from everyone else.

Then again, the value of open source itself is frequently overstated. There's a hilarious irony to OSS die-hards being some of the most trapped and enslaved computer users on the planet -- they ban themselves from using so many things that they can't effect actual change. If Richard Stallman was in Tunisia or Egypt during the Arab Spring, he'd have been more concerned with getting the regimes to use Linux than coordinating protests (which would've required eeeeevil, proprietary Facebook and Twitter).
 
They're going the way of the DoDo Bird. And if you're on VZW you are outright fcked.

That's a trade off you make for signing up with them. You have several other options for wireless providers that will allow generic GSM developer devices.
 
That's a trade off you make for signing up with them. You have several other options for wireless providers that will allow generic GSM developer devices.

...how much of a trade off is it when your "generic GSM developer" devices are on carriers with precisely zero coverage?

You can trade having rooting in exchange for being unable to make or receive calls or use your device at all. Sounds like a perfectly reasonable trade off.
 
It absolutely does. There's theoretical freedom, and then there's real freedom. Saying "it's open source!" means nothing if all the good stuff requires the same sort of closed code that you'd get from everyone else.

This reminds me of OS X somewhat. OS X has open source components, but the good stuff is closed source. When applied to Android, "open source" doesn't mean anything to me if I can't use the closed source Google apps.

Imagine if we had to use a Google approved Android to use Google apps? I can see where this is heading.
 
HTC is hugely overlooked when it comes to discussions like this. If you walked into your local carrier store, bought an HTC one m8, and wanted to unlock the boot loader that at&t decided to start locking a few years ago, you would just need to go to htc's website and download their in house made, officially supported program that unlocks it. I really love how much effort HTC is putting into supporting the people who support them.
 
I'm not really concerned. I used to root and load ROMs all the time with my various phones. When I got my G2, I rooted it and never bothered to actually do anything with the root. I just didn't feel like I needed to. The stock software does everything I need/want, it has no noticeable slowdowns, and has great battery life. As long as my phone has those qualities, I have zero reason to care about root access or locked bootloaders.
 
This reminds me of OS X somewhat. OS X has open source components, but the good stuff is closed source. When applied to Android, "open source" doesn't mean anything to me if I can't use the closed source Google apps.

Imagine if we had to use a Google approved Android to use Google apps? I can see where this is heading.

Again has absolutely nothing to do with the topic at hand.

The OS is open source, the closed source components that Google has have NOTHING TO DO WITH 5.0 being locked down from rooting. You could see the entire source (and you can) for that and it makes no difference.

Ultimately the changes in 5.0 are a good thing and make the OS more secure. The problem is locked bootloaders preventing users from gaining root access if they want it to the device they own.

Preventing people from using exploits / hacks to gain root access on their phone has about as much to do with Open Source as cheese does with the moon.
 
I mean who doesn't want to pay $100 monthly to have an ad server eating into their data allotment

What in the hell are you talking about? Oh God No! An app has ads! God forbid devs try to make money off their hard work! OH GOD! Damn those websites for wanting some ad revenue to help offset the costs for giving away information for FREE.

Let me guess you block ads here on the [H] don't you?

I hope android locks down android for good. You don't need root to use an android phone.

Android is almost there to where I don't need root. I still require it though for my firewall app and Titanium Backup.

With Lollipop and transferring data between devices TiBu may become unneeded in the near future.

My firewall app though I will need unless Google adds an API to access IPTABLES.

Buy a phone with an unlockable bootloader

Problem solved

Exactly. Root will always be attainable on a device with an unlocked bootloader.
 
If Google wants to get rid of the bloatware, it's totally within their power. All they have to do is prevent carrier apps on GApps certified devices the way Apple does. They have enough pull at this point to do it, and with all the popular non-Apple device makers in their pocket they can use the customer to force the carrier's hand. The truth is that Google doesn't really care about bloatware and carrier-apps or they would have already done something about it. They'd rather let the carriers control your experience than you. At least Microsoft and Apple had it right from the start and don't let the carriers fuck with the ROM. Maybe Android Lollipop will be the spark that motivates a device-maker to bring a Firefox Phone to the US. If we can get a device like the Moto E running FirefoxOS here in the US it'll start eating Android alive from the feet up.
 
...how much of a trade off is it when your "generic GSM developer" devices are on carriers with precisely zero coverage?

You can trade having rooting in exchange for being unable to make or receive calls or use your device at all. Sounds like a perfectly reasonable trade off.

Then go complain to Verizon that you don't have any unlocked bootloader phones available on their network, or that they don't use typical GSM bands. This isn't an Android problem, it's a carrier and OEM problem.
 
Then go complain to Verizon that you don't have any unlocked bootloader phones available on their network, or that they don't use typical GSM bands. This isn't an Android problem, it's a carrier and OEM problem.

Complaining to a carrier about locked bootloaders is like yelling at a cinder block wall.
 
Complaining to a carrier about locked bootloaders is like yelling at a cinder block wall.

You don't complain to carriers, you just switch. If you're on Verizon there's nowhere to go but up, anyway.
 
If Google wants to get rid of the bloatware, it's totally within their power. All they have to do is prevent carrier apps on GApps certified devices the way Apple does. They have enough pull at this point to do it, and with all the popular non-Apple device makers in their pocket they can use the customer to force the carrier's hand. The truth is that Google doesn't really care about bloatware and carrier-apps or they would have already done something about it. They'd rather let the carriers control your experience than you. At least Microsoft and Apple had it right from the start and don't let the carriers fuck with the ROM. Maybe Android Lollipop will be the spark that motivates a device-maker to bring a Firefox Phone to the US. If we can get a device like the Moto E running FirefoxOS here in the US it'll start eating Android alive from the feet up.

If you want to see bloatware, take a look at GApps itself. And now Google is going to require all handsets to be pre-loaded with 20 (!) of their crappy Google apps.

http://www.engadget.com/2014/09/26/google-app-requirements-android/

-- But only Google can save us from the evil carriers' bloatware. --

And I don't understand this obsession with there being "the one true lone only" acceptable Android experience, like Google should lock us all into the same kind of conformity that is a cancer on the Apple and Windows platforms.

If you want the pure, unadulterated, inspired by a hipster's 3yo child Google experience, then just buy any one of the "pure" Android devices out there. Why do you have to force everybody to conform to your view of how the device should look and operate? Maybe I don't like what you like.

Frankly my criticism is that there isn't enough diversity in Android and it all seems to be consolidating around one, boring Google experience. I would like to see a great wealth of different software, themes, and styles to set the various phones apart. I don't mind the idea of there being a "Samsung phone" or a "Moto phone" rather than just the overarching "Google phone".
 
If you want to see bloatware, take a look at GApps itself. And now Google is going to require all handsets to be pre-loaded with 20 (!) of their crappy Google apps.

http://www.engadget.com/2014/09/26/google-app-requirements-android/

Google Apps aren't bloat, they're half the reason to buy an Android phone. And if the Google Apps are "crappy" so is everything else on the platform because the GApps are all made by first-party developers with unfettered API access.

If you don't want the Google Apps, why the heck are you buying an Android phone in the first place? There are better options to pick from if you are already part of another ecosystem.
 
I'm not really concerned. I used to root and load ROMs all the time with my various phones. When I got my G2, I rooted it and never bothered to actually do anything with the root. I just didn't feel like I needed to. The stock software does everything I need/want, it has no noticeable slowdowns, and has great battery life. As long as my phone has those qualities, I have zero reason to care about root access or locked bootloaders.

Same here. With all the choices now for a stock android phone, I haven't felt the need to. Even on my m8, Sense 6 is great on its own. Lots of room for customization inside Sense without the need to root. I couldn't stand using the UI on a G3 or Galaxy phone.

As for bloatware, I would like to see Google come out and require ALL apps be able to be deleted on any device, even their own stock apps.
 
Lol at google apps being bloat. The only reason I have an android phone is for the google apps......
 
If you don't want the Google Apps, why the heck are you buying an Android phone in the first place? There are better options to pick from if you are already part of another ecosystem.

The phones are great but the google apps are bad, they're pure spyware. So when you have a stock Android phone with no google apps you have a great phone that doesn't spy on you, when you add the google apps you now have a good phone that spies on you.

I don't need google apps myself to still like an Android phone.
 